Tech Support Forum banner
Status
Not open for further replies.
1 - 3 of 3 Posts

Registered · Joined · 1 Posts · Discussion Starter · #1
Hello,
I accidentally contracted a virus and then bought the fake software to fix it that popped up from my lower right icons (it was Security Shield). I freaked out since my computer was going all crazy and then did a system recovery. It seems to be fine now. But is it? Also, is it possible to recover any of the files from before the system recovery (just my Excel files)? Oh, and my USB stick was stuck in my computer at the time, but removed before system recovery. Is it infected, and how do I check/clean it?
Thanks for your help

DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 1:48:48.20 on Wed 05/20/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.879.438 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\BigFix\bigfix.exe
C:\PROGRA~1\COMMON~1\AOL\124278~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\124278~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WF2ZI92X\dds[1].scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3504
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3504
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3504
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3504
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3504
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [HostManager] c:\program files\common files\aol\1242789417\ee\AOLHostManager.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [VirusScan Online] \mcvsshld.exe
mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
dRun: [Power2GoExpress] NA
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-19 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-19 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-19 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-19 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-19 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-19 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-19 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-19 34216]

=============== Created Last 30 ================

2009-05-19 21:58 <DIR> --d----- c:\windows\system32\URTTemp
2009-05-19 21:44 5,911 a------- c:\windows\system32\Config.MPF
2009-05-19 21:40 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-05-19 21:40 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-05-19 21:40 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-05-19 21:40 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-05-19 21:39 <DIR> --d----- c:\program files\common files\McAfee
2009-05-19 21:26 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-05-19 20:59 32,928 a------- c:\windows\_detmp.1
2009-05-19 20:59 81,302 a------- c:\windows\_bmp23_.bm_
2009-05-19 20:51 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-05-19 20:49 8,192 a------- c:\windows\REGLOCS.OLD
2009-05-19 20:44 0 a------- c:\windows\system32\GATEWAY_T3504__GRC6520009467.MRK
2009-05-19 20:44 333 a------- c:\windows\system32\$ncsp$.inf
2009-05-19 20:43 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-05-19 20:43 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-05-19 20:43 <DIR> --d----- c:\windows\system32\Lang
2009-05-19 20:40 1,376 a------- c:\windows\system32\Status.MPF
2009-05-19 20:32 <DIR> --d----- c:\docume~1\owner\applic~1\AOL
2009-05-19 20:22 <DIR> --d-h--- c:\windows\$hf_mig$
2009-05-19 20:22 <DIR> --d----- c:\program files\McAfee
2009-05-19 20:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee.com
2009-05-19 20:20 349,760 a------- c:\windows\system32\mcinsctl.dll
2009-05-19 20:20 288,320 a------- c:\windows\system32\mcgdmgr.dll
2009-05-19 20:20 <DIR> --d----- c:\program files\McAfee.com
2009-05-19 20:20 221,184 a------- c:\windows\system32\wmpns.dll
2009-05-19 20:19 <DIR> --d----- c:\windows\RegisteredPackages
2009-05-19 20:19 67,072 a------- c:\windows\POWERCFG.EXE
2009-05-19 20:19 80,512 a------- c:\windows\system32\drivers\Rtnicxp.sys
2009-05-19 20:18 <DIR> --d----- c:\program files\Microsoft Money 2006
2009-05-19 20:18 173,184 a------- c:\windows\system32\ygpss.scr
2009-05-19 20:18 <DIR> --d----- c:\docume~1\owner\applic~1\You've Got Pictures Screensaver
2009-05-19 20:18 <DIR> --d----- c:\program files\common files\Nullsoft
2009-05-19 20:17 <DIR> --d----- c:\program files\common files\Real
2009-05-19 20:17 <DIR> --d----- c:\program files\Viewpoint
2009-05-19 20:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2009-05-19 20:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2009-05-19 20:17 <DIR> --d----- c:\program files\Pure Networks
2009-05-19 20:17 <DIR> --d----- c:\program files\common files\AolCoach
2009-05-19 20:16 <DIR> --d----- c:\program files\common files\aolshare
2009-05-19 20:16 <DIR> --d----- c:\program files\America Online 9.0
2009-05-19 20:16 1,114 a---h--- C:\IPH.PH
2009-05-19 20:16 <DIR> --d----- c:\program files\common files\AOL
2009-05-19 20:16 10,280 a------- c:\windows\BigFixClientOverride.dll
2009-05-19 20:16 <DIR> --d----- c:\program files\BigFix
2009-05-19 20:15 <DIR> --d----- c:\program files\MSN Encarta Plus
2009-05-19 20:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Napster
2009-05-19 20:14 <DIR> --d----- c:\program files\Napster
2009-05-19 20:14 89,088 a------- c:\windows\system32\atl71.dll
2009-05-19 20:13 4 a------- c:\windows\Pix11.dat
2009-05-19 20:13 <DIR> --d----- c:\program files\Microsoft Digital Image 2006
2009-05-19 20:13 135,168 a------- c:\windows\system32\RtlCPAPI.dll
2009-05-19 20:13 40,960 a------- c:\windows\system32\ChCfg.exe
2009-05-19 20:13 6,400 ac------ c:\windows\system32\dllcache\splitter.sys
2009-05-19 20:13 6,400 a------- c:\windows\system32\drivers\splitter.sys
2009-05-19 20:13 82,944 ac------ c:\windows\system32\dllcache\wdmaud.sys
2009-05-19 20:13 82,944 a------- c:\windows\system32\drivers\wdmaud.sys
2009-05-19 20:13 52,864 ac------ c:\windows\system32\dllcache\dmusic.sys
2009-05-19 20:13 52,864 a------- c:\windows\system32\drivers\DMusic.sys
2009-05-19 20:11 2,809,344 a------- c:\windows\alcwzrd.exe
2009-05-19 20:11 69,632 a------- c:\windows\Alcmtr.exe
2009-05-19 20:11 <DIR> --d----- c:\program files\Realtek
2009-05-19 20:11 487,424 a------- c:\windows\RtlExUpd.dll
2009-05-19 20:11 520,192 a------- c:\windows\system32\ati2sgag.exe
2009-05-19 20:10 20,480 a------- c:\windows\system32\Marker32.exe
2009-05-19 20:10 49,265 a------- c:\windows\system32\jpicpl32.cpl
2009-05-19 20:10 2,238 a------- c:\windows\system32\32-aol.ico
2009-05-19 20:10 1,406 a------- c:\windows\system32\16-aol.ico
2009-05-19 20:09 94,208 a------- c:\windows\system32\bae.dll
2009-05-19 20:09 471,300 a------- c:\windows\wallpe.exe
2009-05-19 20:09 30,056 a------- c:\windows\system32\oemlogo.bmp
2009-05-19 20:09 2 a------- C:\AUDIT_INSTALL_IN_PROGRESS
2009-05-19 20:07 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-05-19 20:07 376 a------- c:\windows\ODBC.INI
2009-05-19 20:07 24,816 a------- c:\windows\system32\mdimon.dll
2009-05-19 20:07 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-05-19 20:06 <DIR> --d----- c:\windows\SHELLNEW
2009-05-19 19:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Prism Deploy
2009-05-19 19:59 <DIR> --d----- c:\program files\common files\New Boundary
2009-05-19 19:57 0 a------- C:\REQUEST_OEMRESET_ENDUSER
2009-05-19 19:57 2 ---shr-- C:\USER
2009-05-19 19:56 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-05-19 19:56 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-05-19 19:56 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2009-05-19 19:55 20,992 a------- c:\windows\system32\drivers\RTL8139.sys
2009-05-19 19:54 26,624 a------- c:\windows\system32\drivers\usbehci.sys
2009-05-19 19:54 7,168 a------- c:\windows\system32\hccoin.dll
2009-05-19 19:54 17,024 a------- c:\windows\system32\drivers\usbohci.sys
2009-05-19 19:47 <DIR> --d----- c:\windows\creator
2009-05-19 19:45 1,094,751 a------- c:\windows\system32\drivers\AGRSM.sys
2009-05-19 19:45 68,096 a------- c:\windows\agrsmdel.exe
2009-05-19 19:45 <DIR> --d----- c:\windows\SMINST
2009-05-19 19:45 <DIR> --d----- c:\windows\I386
2009-05-19 19:43 77,890 a------- c:\windows\system32\usrdpa.dll
2009-05-19 19:42 58,112 a------- c:\windows\system32\drivers\vdmindvd.sys
2009-05-19 19:41 196,864 ac------ c:\windows\system32\dllcache\rdpdr.sys
2009-05-19 19:41 47,104 a------- c:\windows\system32\cnbjmon.dll
2009-05-19 19:39 64 a------- C:\MOVE_RECOVERY
2009-05-19 19:38 <DIR> --d----- C:\My Backup -- 09-05-19 0738PM

==================== Find3M ====================

2009-05-19 20:17 8,552 a------- c:\windows\system32\drivers\asctrm.sys
2009-03-25 11:06 214,024 a------- c:\windows\system32\drivers\mfehidk.sys

============= FINISH: 1:49:14.73 ===============
TSF-Emeritus · Joined · 15,384 Posts
Hello and welcome to TSF.

Apologies for the late response.

If you still need assistance, we would like to see the latest state of your system, as it has been quite a while since you posted. Please post a fresh set of logs requested in our pre-posting process outlined below:

http://www.techsupportforum.com/f50...-posting-for-malware-removal-help-305963.html

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don’t hear from you in three days this thread will be closed.