-
IDP.Trojan.1C8D1A13 & Crypt.AQLW
G'day Guys I'm not a techo & new here. Was pointed in this direction to run ERUNT (this wouldn't run due to no internet access on pc) & DDS log.
First can I say before I found your site & had discovered the virus (see notes below) I had tried to run Combofix but it didn't work (i think, as I have lost internet access on my PC)
I hope I've done it right so far??
--------------------------------------------------------------------------
My 7 year old son mainly uses our pc for playing games & printing out coloring in pages etc.
I run AVG & it's now coming up with following;
IDP.Trojan.1C8D1A13 & Crypt.AQLW
I've tried to find a tool to remove it (as avg cant get rid of it) but can't find anything. Don't really know what else to do?
If you can an help me I would really appreciate it (fyi the pc runs xppro).
Cheers Andy
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Cameron at 11:05:22 on 2012-04-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1410 [GMT 8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\FingerPrint\FingerPrint.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: RewardsArcade: {597a9974-8cb0-4f41-b61f-ed065738a397} - c:\program files\rewardsarcade\RewardsArcade.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Help the General-Search Project: {ca4520f3-ae13-4fb1-a513-58e23991c86d} - c:\docume~1\cameron\applic~1\mediaf~1\extens~1\GENCRA~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\18.0.1025.162\npchrome_frame.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\9.0"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [uipre] rundll32.exe "c:\docume~1\cameron\locals~1\temp\uipre.dll",Vec3TransformCoord
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\cameron\startm~1\programs\startup\myprog~1.lnk - c:\program files\fingerprint\FingerPrint.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311t\wlancfg5.exe
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{A4A02AAB-A392-4FBC-8929-A0CB65998009} : DhcpNameServer = 10.1.1.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\18.0.1025.162\npchrome_frame.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
S2 antivirservice;Ctljystk;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FingerPrint;FingerPrint Service;c:\program files\fingerprint\fingerprintservice.exe -start --> c:\program files\fingerprint\FingerPrintService.exe -start [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-28 116648]
S2 mcvsrte;Roxmediadb;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 mks_scan;Z525obex;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 nod32krn;Kerbkey;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 ofcpfwsvc;Websensecpmcommunicationagent;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 pavdrv;Pnp680r;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 symantecantibotdriver;Tmesrv3;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 symantecantibotshim;Oracle%oracle_home_service%clientcache80;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 vsdatant;HFACSVC;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-5-10 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-28 116648]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-12-15 18432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-24 05:19:22 -------- d-----w- c:\documents and settings\cameron\local settings\application data\NPE
2012-04-24 05:19:22 -------- d-----w- c:\documents and settings\all users.windows\application data\Norton
2012-04-24 05:08:19 -------- d-----w- c:\documents and settings\all users.windows\application data\COMODO
2012-04-24 05:08:10 -------- d-----w- c:\documents and settings\cameron\application data\Comodo
2012-04-23 00:07:36 -------- d-----w- c:\documents and settings\cameron\application data\Uqycux
2012-04-23 00:07:36 -------- d-----w- c:\documents and settings\cameron\application data\Rofeen
2012-04-22 15:48:12 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Identities
2012-04-22 15:47:58 -------- d-----w- c:\documents and settings\cameron\application data\Ypaxad
2012-04-22 15:47:58 -------- d-----w- c:\documents and settings\cameron\application data\Ydod
2012-04-20 00:23:16 -------- d-----w- C:\sh4ldr
2012-04-20 00:23:16 -------- d-----w- c:\program files\Enigma Software Group
2012-04-20 00:21:59 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-20 00:21:30 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-04-19 23:49:31 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-19 23:48:04 -------- d-----w- c:\documents and settings\all users.windows\application data\F4D55F2C000BBBB74E027CC6D151FC4E
2012-04-17 00:41:07 -------- d--h--w- c:\documents and settings\all users.windows\application data\CanonIJFAX
2012-04-17 00:40:16 315392 ----a-w- c:\windows\system32\CNC410L.dll
2012-04-17 00:40:16 1347584 ----a-w- c:\windows\system32\CNC410C.dll
2012-04-17 00:40:16 114688 ----a-w- c:\windows\system32\CNC410I.dll
2012-04-17 00:40:16 106496 ----a-w- c:\windows\system32\CNC410U.dll
2012-04-17 00:36:39 -------- d-----w- c:\documents and settings\cameron\application data\Canon Easy-WebPrint EX
2012-04-17 00:32:02 257024 ----a-w- c:\windows\system32\CNCALAL.DLL
2012-04-17 00:31:49 74752 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPAL.DLL
2012-04-17 00:31:49 303104 ----a-w- c:\windows\system32\CNMLMAL.DLL
2012-04-17 00:31:49 28672 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDAL.DLL
2012-04-17 00:31:42 94208 ----a-w- c:\windows\system32\CNC410O.dll
2012-04-17 00:31:39 180224 ----a-w- c:\windows\system32\CNMIUAL.DLL
2012-04-07 08:55:58 -------- d-sh--w- C:\found.000
2012-04-07 07:42:52 -------- d-----w- C:\big w prints
2012-04-07 07:07:12 -------- d-----w- C:\Vuze
2012-04-07 06:48:39 -------- d-----w- C:\To Transfer
2012-04-06 00:19:51 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 03:09:26 -------- d-----r- C:\g on Home PC (B03f21ae66bf49c)
2012-03-28 07:22:27 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Plex
2012-03-28 07:22:20 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Deployment
2012-03-28 07:19:19 -------- d-----w- c:\documents and settings\all users.windows\application data\boost_interprocess
2012-03-28 07:19:17 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Plex Media Server
2012-03-28 07:19:01 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-03-28 07:18:44 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-03-28 07:18:33 -------- d-----w- c:\windows\Logs
2012-03-28 07:16:08 -------- d-----w- c:\program files\Plex
2012-03-26 11:07:43 -------- d-----w- c:\documents and settings\cameron\application data\searchquband
2012-03-26 11:07:43 -------- d-----w- c:\documents and settings\cameron\AppData
.
==================== Find3M ====================
.
2012-04-14 15:02:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-15 03:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 03:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-07 03:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22:18 1860096 ------w- c:\windows\system32\win32k.sys
.
============= FINISH: 11:06:10.65 ===============
Last edited by tashi; 2012-04-25 at 05:54.
Reason: Copy pasted log into topic :-)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
