Results 1 to 3 of 3

Thread: Trouble removing malware/trojan... Help needed please!

  1. #1
    Junior Member
    Join Date
    Jul 2010
    Posts
    1

    Default Trouble removing malware/trojan... Help needed please!

    Hello

    Im having trouble with a malware/trojan on my PC (windows XP).
    I have a full copy of AVG and it keeps finding the following infections.

    "C:\System Volume Information\Microsoft\services.exe (1032)";"Trojan horse Generic18.RUJ"

    "C:\Windows\System32\smss.exe"

    I have tried deleting them but they reappear on reboot of the system.
    I have also noticed that I'm getting audio adverts playing randomly in the background with no pop-up or process showing their presence. Not sure if this is related.

    I have done the following:

    Run a scan with Malwarebytes' Anti Malware
    Run a full scan with AVG
    Run a root-kit scan with AVG

    The DDS.txt is pasted below and attach.exe is attached

    Thanks in advance.



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 12:04:14.09 on 27/07/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2558.1757 [GMT 1:00]

    AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe 4
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
    C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\hpha2mon.exe
    svchost.exe 4
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    svchost.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
    uWindow Title = Internet Explorer Provided By Sky Broadband
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    {5c255c8a-e604-49b4-9d64-90988571cecb}
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: {8B68564D-53FD-4293-B80C-993A9F3988EE} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [{7C8E8F96-3511-CA63-5B71-7797F5884526}] "c:\documents and settings\owner\application data\sautb\ziysd.exe"
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [HPHA2MON] c:\windows\system32\hpha2mon.exe
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb01.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe
    StartupFolder: c:\docume~1\davidw~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: Search with Wanadoo - c:\progra~1\wanadoo\wsbar\WSBar.dll/VSearch.htm
    IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\Software
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\Software\Microsoft
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\Software\Microsoft\Internet Explorer
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\Software\Microsoft\Internet Explorer\LowRegistry
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\Software\Microsoft\Internet Explorer\LowRegistry\Extensions
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\Software
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\Software\Microsoft
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\Software\Microsoft\Internet Explorer
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\Software\Microsoft\Internet Explorer\LowRegistry
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\Software\Microsoft\Internet Explorer\LowRegistry\Extensions
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Software
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Software\Microsoft
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Software\Microsoft\Internet Explorer
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Software\Microsoft\Internet Explorer\LowRegistry
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Software\Microsoft\Internet Explorer\LowRegistry\Extensions
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: secuload.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {1A126A4E-4761-47D8-8532-886ECE1B7832} - rundll32 vakzakt87.dll,laspi
    IFEO: RapportMgmtService.exe - ZASRAKOMONDOHUI31338.EXE
    IFEO: RapportService.exe - ZASRAKOMONDOHUI31338.EXE

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\davidw~1\applic~1\mozilla\firefox\profiles\vqolr10u.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
    FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
    FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\vqolr10u.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\vqolr10u.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\RadioWMPCore.dll
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
    FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\vqolr10u.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCortona.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nptnt.dll
    FF - plugin: c:\program files\turntool\viewer\nptnt.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-2-9 25168]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-2-9 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-9 216400]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-9 29584]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-9 243024]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-25 308136]
    R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-25 2331032]
    R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-25 5897808]
    R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\belkin\belkin wireless network utility\WLService.exe [2006-2-6 49152]
    R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-7-2 2368]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-24 24652]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-2-9 30104]
    R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-2-9 122448]
    R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-2-9 30288]
    R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-2-9 26192]
    R3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [2003-11-12 11264]
    R3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [2003-11-12 10368]
    R3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [2005-10-1 16384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-29 135664]
    S2 USBEXB;USBEXB;\??\c:\program files\axiomtek\exboot\bin\usbexb.sys --> c:\program files\axiomtek\exboot\bin\USBEXB.sys [?]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-2-9 30104]
    S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [2005-10-25 140416]
    S3 CA504AV;Qp3 Pen Camera, WDM Video Capture;c:\windows\system32\drivers\ca504av.sys --> c:\windows\system32\drivers\CA504AV.SYS [?]
    S3 DCamUSBLTN;Kodak DVC325 Digital Video Camera;c:\windows\system32\drivers\dvc325.sys [2007-12-26 112836]
    S3 Eaphervrsf;Eaphervrsf; [x]
    S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\gtwinusb.sys --> c:\windows\system32\drivers\GTwinUSB.sys [?]
    S3 Stinrterpnr;Stinrterpnr; [x]
    S3 Sunplus;Qp3 Pen Camera Still Image Capture, Sunplus Version 1.00;c:\windows\system32\drivers\bulk504.sys --> c:\windows\system32\drivers\Bulk504.sys [?]
    S4 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-11-11 24640]

    =============== Created Last 30 ================

    2010-07-27 09:46:09 0 d-----w- c:\docume~1\davidw~1\applic~1\Uniblue
    2010-07-27 09:45:19 0 d-----w- c:\program files\Uniblue
    2010-07-20 14:37:37 0 d-----w- c:\docume~1\davidw~1\applic~1\DAEMON Tools Lite
    2010-07-20 14:37:31 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite

    ==================== Find3M ====================

    2010-07-20 14:38:28 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-06-25 09:45:25 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-06-25 09:45:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-06-25 09:44:56 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
    2010-06-25 09:43:00 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-05-04 17:20:32 17408 ------w- c:\windows\system32\corpol.dll
    2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
    2008-01-22 13:29:46 5812 -c--a-w- c:\program files\install.log
    2002-10-09 14:06:24 172032 -c--a-w- c:\windows\inf\i386\viceo.dll
    2002-10-09 14:06:22 286720 -c--a-w- c:\windows\inf\i386\rtscan.dll
    2002-10-09 10:11:12 61440 -c--a-w- c:\windows\inf\i386\onetUSD.dll
    2002-08-23 15:06:10 13824 -c--a-w- c:\windows\inf\i386\Usbscan.sys
    2002-08-23 14:58:04 36864 -c--a-w- c:\windows\inf\i386\Vizmicro.dll
    2001-03-28 12:02:58 122880 -c--a-w- c:\windows\inf\agfa\message.exe
    1998-08-24 12:09:10 10000 -c--a-w- c:\windows\inf\unregpn.exe

    ============= FINISH: 12:04:50.59 ===============
    Attached Files Attached Files
    Last edited by tashi; 2010-07-27 at 19:02. Reason: Replaced real name with "owner" please check before posting logs. :-)

  2. #2
    Security Expert Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,498

    Default

    Hi,

    If you still need help with this do the following:

    Please download MBRCheck to your desktop.

    1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
    2. It will open a black window, please do not fix anything (if it gives you an option).
    3. Exit that window and it will produce a log (MBRCheck_date_time).
    4. Please post that log + fresh dds.txt log in your reply.

    ---

    Download GMER here by clicking download exe -button and then saving it your desktop:
    • Double-click .exe that you downloaded
    • Click rootkit-tab, uncheck files option and then click scan.
    • Don't check
      Show All
      box while scanning in progress!
    • When scanning is ready, click Copy.
    • This copies log to clipboard
    • Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
    Microsoft MVP Consumer Security 2008-2014
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Security Expert Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,498

    Default

    Due to inactivity, this thread will now be closed.

    Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
    Microsoft MVP Consumer Security 2008-2014
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •