Rogue Antivirus I think?



Animehound
2010-05-23, 11:39
I have contracted some kind of malicious virus or the like. Whatever this is, it is not allowing me to access any files (nor will it let me run ERUNT); it keeps asking what program it should be opened in, and this goes for anything except for DDS, for which I have both txt files and will be able to provide the attachment when needed. Please, if you can help me I would be so happy.

DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by Karen at 4:30:59.68 on Sun 05/23/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.394 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
svchost.exe
C:\Program Files\josh\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Karen.DB2JRYB1\My Documents\Downloads\dds.scr
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar =
mSearch Page =
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant =
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ADC PlugIn: {149256d5-e103-4523-bb43-2cfb066839d6} - c:\program files\adc_w32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar1.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\search\YSearchSuggest.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar1.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mediat~1.lnk - c:\program files\ads tech\mediatv 3\MediaTVMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\karen.db2jryb1\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161829172203
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163261639734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\karen~1.db2\applic~1\mozilla\firefox\profiles\fmudpqwd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=05-10-2009&tb_mrud=15-05-2010
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\documents and settings\karen.db2jryb1\application data\mozilla\firefox\profiles\fmudpqwd.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\karen.db2jryb1\application data\mozilla\firefox\profiles\fmudpqwd.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\karen.db2jryb1\application data\mozilla\firefox\profiles\fmudpqwd.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-22 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-22 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-22 242896]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-4-15 353672]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-4-15 464264]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-22 308064]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 StarWindService;StarWind iSCSI Service;c:\program files\josh\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-10 24652]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-5-2 55296]
S2 AdbUpd;Adobe Update Service;c:\program files\svchost.exe --> c:\program files\svchost.exe [?]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-5-22 916760]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-18 135664]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2009-10-29 1074568]
S2 MSWU-a6c4586a;MSWU-a6c4586a;c:\windows\system32\a6c4586a.exe [2010-5-22 75264]
S3 A193_ADS;VideoXpress V2 Analog Capture;c:\windows\system32\drivers\A193_ADS.sys [2009-11-8 277888]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-5-22 430152]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys --> c:\windows\system32\drivers\vaxscsi.sys [?]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\wpro_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]

============== File Associations ===============

exefile=c:\program files\alggui.exe "%1" %*

=============== Created Last 30 ================

2010-05-23 03:39:48 0 d--h--w- C:\$AVG
2010-05-23 03:38:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-23 03:38:46 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-23 03:38:38 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-23 03:38:09 0 d-----w- c:\windows\system32\drivers\Avg
2010-05-23 03:38:00 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-05-23 03:37:03 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-05-22 06:11:26 50023 ----a-w- c:\windows\Sysvxd.exe
2010-05-22 05:56:16 1490 ----a-w- C:\XJR Antivirus.lnk
2010-05-22 05:56:15 0 d-----w- C:\XJR Antivirus
2010-05-22 05:55:04 231424 ----a-w- c:\program files\adc_w32.dll
2010-05-22 05:55:01 48 ----a-w- c:\program files\wp4.dat
2010-05-22 05:55:01 36 ----a-w- c:\program files\skynet.dat
2010-05-22 05:55:01 1 ----a-w- c:\program files\wp3.dat
2010-05-22 05:54:57 75264 ----a-w- c:\windows\system32\a6c4586a.exe
2010-05-15 04:23:03 0 d-----w- c:\program files\common files\Software Update Utility
2010-05-15 04:22:46 0 d-----w- c:\docume~1\alluse~1\applic~1\AIM
2010-05-15 04:21:52 0 d-----w- c:\program files\AIM

==================== Find3M ====================

2010-05-23 08:23:26 12912 ----a-w- c:\windows\system32\tablet.dat
2010-05-22 05:55:06 9 ----a-w- c:\program files\nuar.old
2010-05-17 00:15:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-13 01:20:03 12044 ----a-w- c:\docume~1\karen~1.db2\applic~1\wklnhst.dat
2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 13:18:20 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:09:18 430080 ------w- c:\windows\system32\dllcache\vbscript.dll
2010-03-05 10:44:25 53908 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-24 12:31:30 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-23 05:20:02 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2010-02-23 05:18:28 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2006-10-27 01:07:57 3250815 -c--a-w- c:\program files\YVD086.exe
1998-04-21 07:57:26 131072 ----a-w- c:\program files\us_scd1_9210.bin
2008-10-09 04:23:56 88 --sh--r- c:\windows\system32\3E39A46BB8.sys
2008-10-19 00:11:00 8 --sh--r- c:\windows\system32\CD87AC12C5.sys
2008-12-05 03:20:49 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 4:32:38.73 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/20/2006 12:05:29 PM
System Uptime: 5/23/2010 4:21:22 AM (0 hours ago)

Motherboard: Dell Inc. | | 0YD612
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | Microprocessor | 1662/166mhz
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | Microprocessor | 1662/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 79 GiB total, 9.159 GiB free.
D: is FIXED (NTFS) - 26 GiB total, 25.929 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: VAXSCSI Controller
Device ID: ACPI\PNPA000\4&48789D60&0
Manufacturer: (Standard mass storage controllers)
Name: VAXSCSI Controller
PNP Device ID: ACPI\PNPA000\4&48789D60&0
Service: vaxscsi

==== System Restore Points ===================

RP115: 3/3/2010 3:37:58 PM - System Checkpoint
RP116: 3/6/2010 3:13:19 AM - Installed LogMeIn Hamachi
RP117: 3/6/2010 3:14:15 AM - Installed LogMeIn Hamachi
RP118: 3/6/2010 3:41:07 AM - Removed LogMeIn Hamachi
RP119: 3/6/2010 3:44:58 AM - Installed LogMeIn Hamachi
RP120: 3/6/2010 4:01:46 AM - Removed LogMeIn Hamachi
RP121: 3/6/2010 4:11:10 AM - Installed LogMeIn Hamachi
RP122: 3/6/2010 4:13:28 AM - Removed LogMeIn Hamachi
RP123: 3/6/2010 4:14:54 AM - Installed LogMeIn Hamachi
RP124: 3/6/2010 8:04:52 PM - Removed Broadcom Management Programs
RP125: 3/6/2010 8:05:27 PM - Installed Broadcom Management Programs.
RP126: 3/8/2010 7:25:34 PM - System Checkpoint
RP127: 3/10/2010 2:27:54 AM - System Checkpoint
RP128: 3/10/2010 3:00:23 AM - Software Distribution Service 3.0
RP129: 3/11/2010 3:25:47 PM - Installed VideoImpression
RP130: 3/11/2010 3:30:22 PM - Installed MyLife Webcam Pro
RP131: 3/13/2010 2:48:51 AM - System Checkpoint
RP132: 3/15/2010 2:59:53 AM - System Checkpoint
RP133: 3/16/2010 3:34:16 AM - System Checkpoint
RP134: 3/17/2010 5:33:35 PM - System Checkpoint
RP135: 3/18/2010 8:05:02 PM - System Checkpoint
RP136: 3/20/2010 12:41:28 AM - System Checkpoint
RP137: 3/21/2010 1:23:01 AM - System Checkpoint
RP138: 3/22/2010 1:49:44 AM - System Checkpoint
RP139: 3/23/2010 1:54:00 AM - System Checkpoint
RP140: 3/24/2010 2:13:19 AM - System Checkpoint
RP141: 3/25/2010 2:31:46 AM - System Checkpoint
RP142: 3/26/2010 3:12:21 AM - System Checkpoint
RP143: 3/28/2010 12:59:19 AM - System Checkpoint
RP144: 3/29/2010 1:59:47 AM - System Checkpoint
RP145: 3/31/2010 12:55:02 AM - Software Distribution Service 3.0
RP146: 4/1/2010 1:06:02 AM - System Checkpoint
RP147: 4/2/2010 1:40:13 AM - System Checkpoint
RP148: 4/3/2010 1:42:34 AM - System Checkpoint
RP149: 4/4/2010 2:01:58 AM - System Checkpoint
RP150: 4/6/2010 12:51:25 AM - System Checkpoint
RP151: 4/7/2010 1:55:13 AM - System Checkpoint
RP152: 4/8/2010 2:02:52 AM - System Checkpoint
RP153: 4/9/2010 2:29:11 AM - System Checkpoint
RP154: 4/10/2010 7:18:01 PM - System Checkpoint
RP155: 4/12/2010 1:07:27 AM - System Checkpoint
RP156: 4/13/2010 1:16:48 AM - System Checkpoint
RP157: 4/13/2010 4:29:45 PM - Software Distribution Service 3.0
RP158: 4/14/2010 5:41:36 PM - System Checkpoint
RP159: 4/15/2010 3:00:42 AM - Software Distribution Service 3.0
RP160: 4/16/2010 3:38:31 AM - System Checkpoint
RP161: 4/17/2010 10:58:01 PM - System Checkpoint
RP162: 4/19/2010 2:12:17 AM - System Checkpoint
RP163: 4/21/2010 1:18:29 AM - System Checkpoint
RP164: 4/22/2010 2:15:18 AM - System Checkpoint
RP165: 4/23/2010 2:58:53 AM - System Checkpoint
RP166: 4/27/2010 12:57:10 AM - System Checkpoint
RP167: 4/28/2010 1:20:49 AM - System Checkpoint
RP168: 4/29/2010 2:07:13 AM - System Checkpoint
RP169: 5/1/2010 1:06:16 AM - System Checkpoint
RP170: 5/2/2010 1:48:21 AM - System Checkpoint
RP171: 5/5/2010 1:43:32 AM - System Checkpoint
RP172: 5/6/2010 2:13:11 AM - System Checkpoint
RP173: 5/7/2010 2:23:45 AM - System Checkpoint
RP174: 5/8/2010 2:34:04 AM - System Checkpoint
RP175: 5/9/2010 4:28:22 AM - System Checkpoint
RP176: 5/10/2010 4:29:23 AM - System Checkpoint
RP177: 5/11/2010 5:23:50 AM - System Checkpoint
RP178: 5/12/2010 3:00:27 AM - Software Distribution Service 3.0
RP179: 5/13/2010 4:52:01 AM - System Checkpoint
RP180: 5/14/2010 9:17:15 PM - System Checkpoint
RP181: 5/16/2010 2:30:19 AM - System Checkpoint
RP182: 5/17/2010 2:57:49 AM - System Checkpoint
RP183: 5/18/2010 3:25:43 AM - System Checkpoint
RP184: 5/20/2010 1:41:17 AM - System Checkpoint
RP185: 5/21/2010 2:36:57 AM - System Checkpoint
RP186: 5/22/2010 5:28:29 PM - System Checkpoint
RP187: 5/22/2010 11:37:03 PM - Installed AVG Free 9.0

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
ADS Tech MediaTV 3
AIM 7
AIM Toolbar
Andrea VoiceCenter
AOLIcon
ArcSoft MediaConverter 2.5
ArcSoft VideoImpression 2
ATI Catalyst Control Center
AutoUpdate
AVG Free 9.0
BitTorrent
Broadcom Management Programs
BUM
CCScore
Character Builder
Creative MediaSource 5
Dell Driver Reset Tool
Dell System Restore
Diablo
Digital Content Portal
Digital Line Detect
DivX
DivX Converter
DivX Player
DivX Web Player
Documentation & Support Launcher
Download Updater (AOL LLC)
ELIcon
EPSON Print CD
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
Full Tilt Poker
Games, Music, & Photos Launcher
GOG.com Downloader
Google Toolbar for Firefox
Google Update Helper
HLPPDOCK
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java(TM) 6 Update 13
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
KODAK EASYSHARE Gallery Easy Upload, v2.1
Kodak EasyShare software
KSU
LogMeIn Hamachi
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Streets & Trips 2006
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite Add-in for Microsoft Word
mIRC
Modem Helper
Mozilla Firefox (3.6.3)
MP3 Skype Recorder
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
MyLife Webcam Pro
neroxml
Netflix Movie Viewer
NetWaiting
Notifier
OfotoXMI
OpenOffice.org Installer 1.0
OTtBP
OTtBPSDK
Pando Media Booster
PowerDVD 5.7
QuickSet
QuickTime
RealPlayer
RPTools MapTool
SA32xx Device Manager
Sacred Gold
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SFR
SHASTA
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
SigmaTel Audio
SKIN0001
SKINXSDK
Skype Toolbars
Skype™ 4.2
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB
Spybot - Search & Destroy
staticcr
System Requirements Lab
The Sims™ 2 Double Deluxe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
URL Assistant
VC 9.0 Runtime
VidiotMaps Map Overlay
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
WebFldrs XP
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Player 10
Windows Media Player Firefox Plugin
Windows Movie Maker 2.0
WIRELESS
Works Upgrade
ZoneAlarm

==== Event Viewer Messages From Past Week ========

5/23/2010 4:27:08 AM, error: Service Control Manager [7034] - The AVG Free E-mail Scanner service terminated unexpectedly. It has done this 2 time(s).
5/23/2010 4:26:19 AM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
5/23/2010 4:26:16 AM, error: Service Control Manager [7034] - The AVG Free E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 4:17:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/23/2010 4:13:05 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV AvgLdx86 AvgMfx86 Fips intelppm
5/23/2010 4:12:35 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/23/2010 3:59:16 AM, error: Service Control Manager [7034] - The TabletService service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 3:57:14 AM, error: Service Control Manager [7000] - The Adobe Update Service service failed to start due to the following error: The system cannot find the file specified.
5/23/2010 1:51:53 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.
5/23/2010 1:51:53 AM, error: Service Control Manager [7000] - The Adobe Update Service service failed to start due to the following error: Access is denied.
5/23/2010 1:51:18 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/22/2010 1:55:10 AM, error: Service Control Manager [7034] - The MSWU-a6c4586a service terminated unexpectedly. It has done this 1 time(s).
5/17/2010 3:13:45 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
5/17/2010 3:10:19 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
5/16/2010 5:15:18 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/16/2010 5:15:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
5/16/2010 12:07:11 AM, error: Service Control Manager [7034] - The LogMeIn Hamachi 2.0 Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
--------------------------------------
*bumping* I managed to find the virus and delete the file, allowing me to run programs again; however, AVG keeps finding (and stopping) the trojans. I would really like to get this machine clean again; can I please get some help? (It's been well over 24 hours since the first post.)
--------------------------------------

Bump and Topic May Be Closed (http://forums.spybot.info/showpost.php?p=219168&postcount=6)
Post here if still waiting for help in the Malware Forum, (AFTER) FOUR days (http://forums.spybot.info/showthread.php?t=1137)
(http://forums.spybot.info/showthread.php?t=288)

Blade81
2010-05-27, 19:23
Hi,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


After that:


Please download exeHelper (http://www.raktor.net/exeHelper/exeHelper.com) to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says Error deleting file, please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


Make sure word wrap is disabled in notepad and then run DDS and post back its log contents.
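The DDS log in the first post and the exeHelper step above both come down to a few lines of that log: the `exefile=` association under File Associations, the Services/Drivers entries, and the Created Last 30 timeline. The script below is an added example by the editor, not code from the thread, from DDS or from Spybot. It parses those three sections from an excerpt copied out of the log above (embedded as a constructed sample) and applies triage heuristics that are the editor's assumptions, not DDS features: a system-binary name such as svchost.exe outside the directory it lives in on a stock XP install, an eight-hex-digit image name, a `[?]` stamp (DDS could not find the file), an `exefile` handler other than the stock `"%1" %*`, and clustering of files created within two minutes of a flagged service image. For a hijacked association it also emits the stock `HKCR\exefile\shell\open\command` value as a .reg fragment for comparison. `SYSTEM_BINARY_HOMES`, `DROP_WINDOW` and the regular expressions are all assumed values.

```python
"""Triage a DDS log for rogue-AV persistence. Editor's added example, not DDS or
Spybot code; the heuristics and thresholds below are assumptions."""
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the DDS log in the first post above.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-4-15 464264]
S2 AdbUpd;Adobe Update Service;c:\program files\svchost.exe --> c:\program files\svchost.exe [?]
S2 MSWU-a6c4586a;MSWU-a6c4586a;c:\windows\system32\a6c4586a.exe [2010-5-22 75264]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys --> c:\windows\system32\drivers\vaxscsi.sys [?]
============== File Associations ===============
exefile=c:\program files\alggui.exe "%1" %*
=============== Created Last 30 ================
2010-05-22 06:11:26 50023 ----a-w- c:\windows\Sysvxd.exe
2010-05-22 05:56:15 0 d-----w- C:\XJR Antivirus
2010-05-22 05:55:04 231424 ----a-w- c:\program files\adc_w32.dll
2010-05-22 05:55:01 48 ----a-w- c:\program files\wp4.dat
2010-05-22 05:55:01 36 ----a-w- c:\program files\skynet.dat
2010-05-22 05:54:57 75264 ----a-w- c:\windows\system32\a6c4586a.exe
2010-05-15 04:21:52 0 d-----w- c:\program files\AIM
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*?)\]$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\d+\s+\S+\s+(.+)$")
IMAGE_RE = re.compile(r"(.*?\.(?:exe|sys|dll))(?:\s|$)", re.I)  # path without service args
RANDOM_STEM_RE = re.compile(r"^[0-9a-f]{8}$")                     # e.g. a6c4586a
# Assumption: where these names live on a stock XP install (lower-case paths).
SYSTEM_BINARY_HOMES = {"svchost.exe": r"c:\windows\system32", "lsass.exe": r"c:\windows\system32",
                       "csrss.exe": r"c:\windows\system32", "winlogon.exe": r"c:\windows\system32",
                       "explorer.exe": r"c:\windows"}
DEFAULT_EXEFILE_COMMAND = '"%1" %*'   # stock HKCR\exefile\shell\open\command
DROP_WINDOW = timedelta(seconds=120)  # creations this close together count as one drop


def split_sections(text):
    """Map each '==== Name ====' header to the non-blank lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).upper()
            sections[current] = []
        elif current and line.strip():
            sections[current].append(line.rstrip())
    return sections


def triage_services(lines):
    """Flag services whose image path or stamp looks wrong; returns one dict per hit."""
    findings = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, name, _display, image, stamp = m.groups()
        image = image.split("-->")[0].strip()   # DDS repeats the path after --> when unresolved
        m_img = IMAGE_RE.match(image)
        if m_img:
            image = m_img.group(1)
        home, _, base = image.lower().rpartition("\\")
        reasons = []
        if base in SYSTEM_BINARY_HOMES and home != SYSTEM_BINARY_HOMES[base]:
            reasons.append(f"'{base}' outside {SYSTEM_BINARY_HOMES[base]}")
        if RANDOM_STEM_RE.match(base.rsplit(".", 1)[0]):
            reasons.append(f"random-looking image name '{base}'")
        if stamp.strip() == "?":
            reasons.append("image not found on disk (stale entry or already removed)")
        if reasons:
            findings.append({"service": name, "state": state, "image": image, "reasons": reasons})
    return findings


def triage_exefile(lines):
    """Compare the exefile handler with the stock value; build a .reg restore fragment."""
    for line in lines:
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "exefile":
            value = value.strip()
            result = {"command": value, "hijacked": value != DEFAULT_EXEFILE_COMMAND}
            if result["hijacked"]:
                result["restore_reg"] = ("Windows Registry Editor Version 5.00\r\n\r\n"
                                         "[HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command]\r\n"
                                         "@=\"\\\"%1\\\" %*\"\r\n")
            return result
    return {"command": DEFAULT_EXEFILE_COMMAND, "hijacked": False}


def drop_clusters(lines, seed_paths, window=DROP_WINDOW):
    """Group creation entries by time gap; keep the groups that contain a seed path."""
    entries = sorted((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2).strip().lower())
                     for m in map(CREATED_RE.match, lines) if m)
    clusters, current = [], []
    for ts, path in entries:
        if current and ts - current[-1][0] > window:
            clusters.append(current)
            current = []
        current.append((ts, path))
    if current:
        clusters.append(current)
    seeds = {p.lower() for p in seed_paths}
    return [[p for _, p in c] for c in clusters if any(p in seeds for _, p in c)]


def triage(text):
    sections = split_sections(text)
    services = triage_services(sections.get("SERVICES / DRIVERS", []))
    exefile = triage_exefile(sections.get("FILE ASSOCIATIONS", []))
    clusters = drop_clusters(sections.get("CREATED LAST 30", []), [f["image"] for f in services])
    return {"services": services, "exefile": exefile, "drop_clusters": clusters}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

On the sample, `triage` flags AdbUpd (svchost.exe under Program Files, file missing), MSWU-a6c4586a (hex image name) and vaxscsi (file missing), reports the exefile handler as non-stock, and groups the five entries created between 05:54:57 and 05:56:15 on 2010-05-22 into one drop because a6c4586a.exe sits in that window. To run it over a full DDS.txt, pass the file contents to `triage` instead of `SAMPLE_LOG`; the section headers are matched by their `====` framing. Treat the output as triage hints, not verdicts: `[?]` also fires on benign stale entries such as a driver whose file has been uninstalled, and the .reg fragment is only what the stock handler looks like, to compare against whatever the cleanup tool restores.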

Blade81
2010-06-03, 11:18
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.