PDA

View Full Version : win.32 tdss RTK and .REG


still awake
2009-12-23, 22:25
hi there

i have been unsuccessfully trying to get these two entries that spybot picked up, off of my hdd to no avail... i can't defrag my hdd anymore, seemingly because of this malware. everytime i try to open my defrag program, it displays i have one file, ONE file, on my hdd...

here is my HJT log

any help is of the utmost appreciation

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:10 PM, on 12/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\oodag.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\PeerGuardian2\pg2.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Documents and Settings\Kyle\My Documents\HijackThis.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe

--
End of file - 1781 bytes

once again much thanks goes out to all those who provide their efforts
peku006
2009-12-28, 15:39
Hello and :welcome: to Safer Networking

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know or understand something please don't hesitate to ask
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.

1 - download and run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)

2 - Status Check
Please reply with

1.the logs from RSIT (log.txt ,info.txt)

Thanks peku006
peku006
2010-01-03, 21:04
Due to a lack of response, this topic is now closed

If you still require help, please open a new thread in the Malware Removal forum (http://forums.spybot.info/forumdisplay.php?f=22), include a
fresh HijackThis log, and wait for a new helper.

Your donation helps improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)