Jump to content

C:/WINDOWS/assembly/GAC_MSIL/desktop.ini PLEASE HELP ME!


Recommended Posts

I have been trying to get this virus off of my computer for about two days now because it keeps infecting everything! >.< I have AVG Anti-virus software but everytime I try to scan the computer this virus kills the scan process and then I am no longer to view the vault. The software my computer cam with was Symantec Endpoint protection and that was working fine but this virus completely destroyed that program and it no longer scans or I can no longer update it. Whenever I try to install a new anti-virus software it immediately kills it's process seconds after it starts and infects the programs ".exe" file so I can no longer use it, even when I run the computer in safe mode! I've even tried Kaspersky Virus Removal Tool which only works in Safe Mode for some reason, but even then the program shuts out about halfway into the scan. It's always when it comes into contact with the virus and then the virus just kills the program and I have to start all over.

I have gone into command prompt and changed the look of the "assembly" folder to get to "C:/WINDOWS/assembly/GAC_MSIL/desktop.ini" but it keeps saying "Access is denied" whenever I try to delete the "desktop.ini" folder. When I go into the "GAC_MSIL" folder through explorer(which is infected to btw) I can't see any file named "desktop"; I only see a bunch of folders.

Please HELP! I have no idea what to do! This is my only computer I have for college and I have no money to pay for someone to fix it for me. I HAVE to do it myself from home with the help of someone who knows what they're doing.

dds.txt

attach.zip

[it told me to put the attach.txt into a .zip folder but I dunno if you wanted me to or not so I did it just in case.]

Hello! Okay so my post wasn't replied to in FOUR days! O.O But that's okay I think I know what was wrong with my computer!

I logged what I did for you to see! ^_^

I had the 2011 Google Redirect virus! The way I fixed it was I went into Safe Mode on my laptop(Windows XP Professional Service Pack 3) and I ran "TDSSKiller" which was downloaded safely thanks to Malwarebytes software blocking all the malicious IP Addresses that were desperately trying to give my computer cancer - no offense to people who've had it! - and then when TDSSKiller found the two files responisble(the desktop.ini inside the GAC_MSIL folder and the Zero access file in the WINDOWS folder) it was never able to touch desktop.ini because it would get deleted. TDSSKiller did something - I've no idea what - and it blocked the virus from kicking me out of any virus removal program. From there I ran the virus removal program from the same company that made TDSSKiller and it took FOREVER but it got rid of everything EXCEPT the Zero access file which I used Fileassassin to destroy on startup - I had to restart the computer to finalize the deletion of one of the infected files. I didn't have to boot back into safe mode I believe but I did it just to be on the safe side.

So everything SEEMS to be back to normal except Norton's Symantec is completely GONE because the virus savagely tore it to shreds - and it was paid for and everything - but I might stick with either AGV or Malwarebytes. You guy's program is WAAAAAY better but my friend already sort of paid for AGV but I'm keeping the trial of Maywarebytes on my computer just in case. OMG thank you so much!!!!!!!

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27

Run by All at 0:26:26 on 2011-10-21

Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.2038.1187 [GMT -7:00]

.

AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\1570996205:310402210.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Symantec AntiVirus\Smc.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\CCM\CcmExec.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec AntiVirus\SmcGui.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\conime.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ask.com/?l=dis&o=1590&gct=hp

uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language

uInternet Settings,ProxyOverride = <-loopback>;;*.local

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uWinlogon: Shell=d:\documents and settings\all\local settings\application data\ed7fa35d\X

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: PolicyMaker Browser Helper: {0a9cdb52-ebdf-4210-9c6a-b90c2fd410ab} - c:\windows\system32\pmbho.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: Softonic-eng63 Toolbar: {3194279c-0d90-48cb-bcaa-aed274e2237f} - c:\program files\softonic-eng63\prxtbSoft.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBrot.dll

BHO: TBSB01620 Class: {58124a0b-dc32-4180-9bff-e0e21ae34026} - c:\program files\iminent toolbar\tbcore3.dll

BHO: Updater For PassionUp Toolbar: {9a782146-1aef-4ebc-9641-d4309f8a67a4} - c:\program files\passionuptoolbar\auxi\passionuptoolbAu.dll

BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Shockwave Game Bar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Softonic-eng63 Toolbar: {3194279c-0d90-48cb-bcaa-aed274e2237f} - c:\program files\softonic-eng63\prxtbSoft.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBrot.dll

TB: IMinent Toolbar: {977ae9cc-af83-45e8-9e03-e2798216e2d5} - c:\program files\iminent toolbar\tbcore3.dll

TB: Shockwave Game Bar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [Google Update] "d:\documents and settings\all\local settings\application data\google\update\GoogleUpdate.exe" /c

uRunOnce: [avg_spchecker] "c:\program files\avg\avg8\notification\SPChecker.exe" /start

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: d:\docume~1\all\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

IE: &Search - http://tbedits.dailybibleguide.com/one-toolbaredits/menusearch.jhtml?s=100000422&p=XMxdm003YYus&si=CJ3DmuCAgKsCFSgbQgodR3MRzQ&a=352EEB47-F193-4D97-8784-FFAEDD036305&n=2011090222

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: brownandtoland.com

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

DPF: {1B635021-8269-11D8-9E2B-004005A9ABD2} - hxxp://webmcb20/esaweb/TX.cab

DPF: {245338C3-BCA3-4A2C-A7B7-53345999A8E8} - hxxp://webmcb20/esaweb/wspellam.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229973960443

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250019507656

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - d:\documents and settings\all\application data\mozilla\firefox\profiles\zduvndx4.default\

FF - prefs.js: browser.search.selectedEngine - My Way

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XMxdm003YYus&ptb=352EEB47-F193-4D97-8784-FFAEDD036305&psa=&ind=2011090222&ptnrS=XMxdm003YYus&si=CJ3DmuCAgKsCFSgbQgodR3MRzQ&st=kwd&n=77decd2e&searchfor=

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\iwonei\installr\2.bin\NPjfEISb.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: d:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - plugin: d:\documents and settings\all\application data\mozilla\firefox\profiles\zduvndx4.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: d:\documents and settings\all\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: d:\documents and settings\all\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: d:\documents and settings\all\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

FF - user.js: extentions.y2layers.installId - 0765e6eb-ce8d-4202-adcd-ab3478ab4688

FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,BuzzdockTease,DropDownDeals,

.

============= SERVICES / DRIVERS ===============

.

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2011-10-19 12552]

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2011-10-19 32008]

R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [2008-2-7 21504]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2011-10-19 335240]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2011-10-19 27784]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2011-10-19 108552]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-8-1 233024]

R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2011-10-19 76696]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2011-10-20 297752]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-20 366152]

R2 pmsecdrv253162;PolicyMaker Security Driver - pmsecdrv253162;c:\windows\system32\drivers\pmsecdrv253162.sys [2008-2-12 223488]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-20 22216]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100825.002\NAVENG.SYS [2010-8-25 85424]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100825.002\NAVEX15.SYS [2010-8-25 1362608]

R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2011-10-19 26096]

S2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2011-10-19 6416120]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-8 130560]

S2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2008-5-9 2240944]

S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2008-11-21 2048000]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2008-11-21 144480]

S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;d:\docume~1\all\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [2011-10-20 70144]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-8 130560]

S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-10-20 23624]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

.

=============== Created Last 30 ================

.

2011-10-21 06:10:33 -------- d-----w- d:\documents and settings\all\application data\f-secure

2011-10-21 06:09:52 -------- d-----w- d:\documents and settings\all users\application data\F-Secure

2011-10-21 03:14:58 -------- d-----w- d:\documents and settings\all\application data\Malwarebytes

2011-10-21 03:14:45 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-21 03:14:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-21 03:14:04 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-10-21 03:10:02 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-10-21 03:09:48 -------- d-----w- d:\documents and settings\all users\application data\Hitman Pro

2011-10-21 03:07:38 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes

2011-10-20 23:53:38 -------- d-----w- d:\documents and settings\all\application data\DriverCure

2011-10-20 23:53:36 -------- d-----w- d:\documents and settings\all\application data\ParetoLogic

2011-10-20 23:53:23 -------- d-----w- c:\program files\common files\ParetoLogic

2011-10-20 23:53:22 -------- d-----w- d:\documents and settings\all users\application data\ParetoLogic

2011-10-20 23:53:22 -------- d-----w- c:\program files\ParetoLogic

2011-10-20 06:31:38 -------- d-----w- d:\documents and settings\all\application data\AVGTOOLBAR

2011-10-20 06:06:35 -------- d-----w- c:\program files\FileASSASSIN

2011-10-20 03:00:28 -------- d-----w- c:\program files\ESET

2011-10-20 02:53:50 -------- d-----w- d:\documents and settings\all\application data\QuickScan

2011-10-20 00:40:13 71880 ----a-w- c:\windows\system32\PxSecure.dll

2011-10-20 00:40:12 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys

2011-10-20 00:40:12 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys

2011-10-20 00:40:11 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2011-10-20 00:40:11 -------- d-----w- c:\program files\Prevx

2011-10-20 00:40:02 -------- d-----w- d:\documents and settings\all users\application data\PrevxCSI

2011-10-20 00:35:30 -------- d-----w- C:\avg

2011-10-19 18:52:23 621944 ----a-w- c:\windows\pskill.exe

2011-10-19 12:24:17 -------- d-----w- d:\documents and settings\all\application data\AVG8

2011-10-19 09:23:08 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-10-19 09:23:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2011-10-19 09:23:07 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2011-10-19 09:22:58 -------- d-----w- c:\windows\system32\drivers\Avg

2011-10-19 09:22:49 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-19 09:22:48 -------- d-----w- d:\documents and settings\all users\application data\avg8

2011-10-19 09:22:48 -------- d-----w- c:\program files\AVG

2011-10-19 06:43:33 -------- d-----w- d:\documents and settings\all\application data\AVG

2011-10-19 04:26:13 -------- d--h--w- d:\documents and settings\all users\application data\Common Files

2011-10-19 04:25:44 -------- d-----w- d:\documents and settings\all users\application data\MFAData

2011-10-18 10:27:40 -------- d-----w- c:\program files\microsoft games

2011-10-18 06:56:26 -------- d-----w- d:\documents and settings\all\application data\FlightSimTools.com

2011-10-18 06:53:11 -------- d-----w- c:\program files\FS2004SDK

2011-10-18 06:52:54 -------- d-----w- c:\windows\Downloaded Installations

2011-10-18 06:51:08 -------- d-----w- c:\program files\FlightSimTools.com

2011-10-18 05:29:06 -------- d-sh--w- d:\documents and settings\all\local settings\application data\ed7fa35d

2011-10-17 10:32:40 49664 ----a-w- c:\windows\system32\CamCodec.dll

2011-10-17 10:32:40 -------- d-----w- c:\program files\CamStudio 2.6b

2011-10-16 16:48:28 -------- d-----w- c:\program files\Mann(English Version)

2011-10-14 04:34:06 -------- d-----w- c:\program files\Sally's Salon

2011-10-14 04:31:06 -------- d-----w- c:\program files\Sallys Spa

2011-10-14 04:30:15 -------- d-----w- c:\program files\Wendys Wellness

2011-10-14 04:28:54 -------- d-----w- c:\program files\Wedding Dash - Ready Aim Love

2011-10-14 04:27:44 -------- d-----w- c:\program files\Supermarket Management

2011-10-14 04:25:50 -------- d-----w- c:\program files\Chocolate Shop Frenzy

2011-10-10 02:15:32 -------- d-----w- c:\program files\common files\SWF Studio

2011-10-10 02:13:54 -------- d-sh--w- c:\windows\ftpcache

2011-10-10 02:09:59 -------- d-----w- c:\program files\Administrative Medical Assisting

2011-10-08 08:14:06 -------- d-----w- d:\documents and settings\all\application data\passionuptoolbar

2011-10-07 00:33:40 -------- d-----w- c:\program files\Bonjour

2011-10-04 12:01:12 -------- d-----w- c:\windows\Noslip

2011-10-01 10:36:27 -------- d-----w- c:\program files\Scroll++

2011-10-01 00:23:07 -------- d-----w- c:\program files\muvee Technologies

2011-10-01 00:23:07 -------- d-----w- c:\program files\common files\muvee Technologies

2011-09-30 06:18:55 -------- d-----w- C:\MyAudio

2011-09-30 05:42:40 -------- d-----w- c:\program files\Yontoo Layers Runtime

2011-09-30 05:42:39 -------- d-----w- d:\documents and settings\all users\application data\Tarma Installer

2011-09-29 03:23:04 165232 ---ha-w- d:\documents and settings\all\application data\microsoft\virtual pc\VPCKeyboard.dll

2011-09-27 07:50:39 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-27 07:50:38 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-27 07:48:48 -------- d-----r- c:\program files\Skype

2011-09-23 07:21:41 -------- d-----w- c:\program files\ƒ}ƒ“

.

==================== Find3M ====================

.

2011-10-20 06:26:49 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-10-20 06:26:49 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-15 02:45:51 39964036 ----a-w- c:\windows\system32\xa112223625.exe

2011-09-15 02:45:51 39964036 ----a-w- c:\windows\system32\xa112220390.exe

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-06 04:39:07 126976 ----a-w- c:\windows\system32\mshearts.exe

2011-09-06 03:58:00 55296 ----a-w- c:\windows\system32\freecell.exe

2011-09-03 02:15:36 161728 ----a-w- c:\program files\2vres.dll

2011-08-31 12:37:05 39964036 ----a-w- c:\windows\system32\xa15858312.exe

2011-08-31 12:37:05 39964036 ----a-w- c:\windows\system32\xa15855531.exe

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 23:24:53 720896 ----a-w- c:\windows\iun6002.exe

2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-08 01:54:06 0 ----a-w- c:\windows\DXT16.tmp

2011-08-08 01:54:06 0 ----a-w- c:\windows\DXT15.tmp

2011-08-08 01:54:06 0 ----a-w- c:\windows\DXT14.tmp

2011-08-08 01:54:06 0 ----a-w- c:\windows\DXT13.tmp

2011-08-08 01:54:06 0 ----a-w- c:\windows\DXT12.tmp

2011-08-02 20:38:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-01 13:39:21 233024 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

.

============= FINISH: 0:27:59.68 ===============

Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

Can you run a new DDS scan and post the results?

Your first DDS scan shows a backdoor infection.

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.