My life has been hijacked and i can see it!

dillagent

New member
So I hope first of all to really relieve some stress briefly and to the point. I will be posting the DDS file if that is what I need to do, and I have run ERUNT.

Here is what happened:

I was working on my PC...don't even remember what I was doing...AVG popped up with do you want explorer to have access to internet...which I have said no to before because why does explorer need internet? Anyway
I clicked yes on accident..
Right away AVG spotted or caught a bad program...I said clean or disinfect or whatever but then AVG hung and ever since then

1. I haven't been able to upgrade or uninstall AVG....
2. My browser search has been hijacked
3. Spybot finds some trojans (but can't remove them)
4. I am at war with my PC illness ....

I was getting a second problem on the Spybot and I noted it here:
WindowsSecurityCenterFirewalBypass...but it didn't come up in the latest Spybot report which is below along with DDS report.

If you can help I would appreciate it...soooo much thanks world...

Here is the spybot report:
Win32.AVKillsvc.e: [SBI $ACD9F3FA] Data (File, nothing done)
C:\WINDOWS\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb
Properties.size=3596
Properties.md5=5E7AC8D7611B66FD0B378E85EF175715
Properties.filedate=1314821920
Properties.filedatetext=2011-08-31 15:18:40

Win32.AVKillsvc.e: [SBI $A106152C] Data (File, nothing done)
C:\Documents and Settings\FaithLives\Local Settings\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb
Properties.size=3596
Properties.md5=5E7AC8D7611B66FD0B378E85EF175715
Properties.filedate=1314822039
Properties.filedatetext=2011-08-31 15:20:39

Win32.AVKillsvc.e: [SBI $A106152C] Data (File, nothing done)
C:\Documents and Settings\LocalService\Local Settings\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb
Properties.size=3596
Properties.md5=5E7AC8D7611B66FD0B378E85EF175715
Properties.filedate=1314821925
Properties.filedatetext=2011-08-31 15:18:44

Win32.AVKillsvc.e: [SBI $A106152C] Data (File, nothing done)
C:\Documents and Settings\NetworkService\Local Settings\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb
Properties.size=3596
Properties.md5=5E7AC8D7611B66FD0B378E85EF175715
Properties.filedate=1314822050
Properties.filedatetext=2011-08-31 15:20:49


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-10-08 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-08-29 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-08-31 Includes\Malware.sbi (*)
2011-08-30 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-05-24 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-06-14 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-06-20 Includes\Trojans.sbi (*)
2011-08-29 Includes\TrojansC-02.sbi (*)
2011-08-09 Includes\TrojansC-03.sbi (*)
2011-08-30 Includes\TrojansC-04.sbi (*)
2011-08-29 Includes\TrojansC-05.sbi (*)
2011-08-23 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


DDS printout:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Run by FaithLives at 20:14:32 on 2011-08-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2251 [GMT -5:00]
.
AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\3543285177:1187171628.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:53414
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: YTD Toolbar Helper: {c462528a-e3b6-4ffb-b639-51efbbb5b77d} - c:\program files\ytd toolbar\Toolbar32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: YTD Toolbar: {9b596622-fdda-4e28-97f8-998c522fa58e} - c:\program files\ytd toolbar\Toolbar32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [SpybotDeletingB7561] command.com /c del "c:\windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingD4028] cmd.exe /c del "c:\windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingB7953] command.com /c del "c:\documents and settings\faithlives\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingD5214] cmd.exe /c del "c:\documents and settings\faithlives\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingB7685] command.com /c del "c:\documents and settings\localservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingD3042] cmd.exe /c del "c:\documents and settings\localservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingB1859] command.com /c del "c:\documents and settings\networkservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingD4786] cmd.exe /c del "c:\documents and settings\networkservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingB2172] command.com /c del "c:\windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingD1504] cmd.exe /c del "c:\windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingB2859] command.com /c del "c:\documents and settings\faithlives\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingD5129] cmd.exe /c del "c:\documents and settings\faithlives\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingB4783] command.com /c del "c:\documents and settings\localservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingD5698] cmd.exe /c del "c:\documents and settings\localservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingB9635] command.com /c del "c:\documents and settings\networkservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingD1901] cmd.exe /c del "c:\documents and settings\networkservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRunOnce: [SpybotDeletingA7673] command.com /c del "c:\windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingC7364] cmd.exe /c del "c:\windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingA6926] command.com /c del "c:\documents and settings\faithlives\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingC8798] cmd.exe /c del "c:\documents and settings\faithlives\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingA420] command.com /c del "c:\documents and settings\localservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingC8037] cmd.exe /c del "c:\documents and settings\localservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingA6956] command.com /c del "c:\documents and settings\networkservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingC8888] cmd.exe /c del "c:\documents and settings\networkservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingA5979] command.com /c del "c:\windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingC8208] cmd.exe /c del "c:\windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingA4617] command.com /c del "c:\documents and settings\faithlives\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingC5067] cmd.exe /c del "c:\documents and settings\faithlives\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingA493] command.com /c del "c:\documents and settings\localservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingC4091] cmd.exe /c del "c:\documents and settings\localservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingA800] command.com /c del "c:\documents and settings\networkservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingC8212] cmd.exe /c del "c:\documents and settings\networkservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282367932323
DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{96DC3001-8A25-4D11-AE58-30FAFF6008BD} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{BC9D836C-520A-43D9-AF31-12F11D12B751} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\faithlives\application data\mozilla\firefox\profiles\3luu9z50.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110513&user_guid=F47E801717CF4F169FA6A21E08FB25C7&machine_id=69f208bd564c5f5336effb21a89bc640&browser=FF&os=win&os_version=5.1-x86-SP3&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 53414
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\faithlives\application data\mozilla\firefox\profiles\3luu9z50.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npeRoom7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv86win32.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-8-21 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-8-21 52872]
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2011-4-30 16384]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2008-8-21 15448]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-21 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-21 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-21 243152]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2011-7-23 16400]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2008-6-25 11344]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2008-6-20 11360]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-8-21 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-8-21 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-8-21 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-8-21 26192]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [2010-8-21 302472]
S2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-8-21 921952]
S2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-21 308136]
S2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-9-20 2331544]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-8-21 5897808]
S2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
S2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe --> c:\windows\system32\nipalsm.exe [?]
S2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe --> c:\windows\system32\nipalsm.exe [?]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files\ivi foundation\visa\winnt\nivisa\niLxiDiscovery.exe [2008-6-20 129144]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\national instruments\shared\mdns responder\nimdnsResponder.exe [2008-6-18 192112]
S2 Toolbar Updater Service;Toolbar Updater Service;c:\program files\startnow toolbar\toolbarupdaterservice.exe --> c:\program files\startnow toolbar\ToolbarUpdaterService.exe [?]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2006-5-8 347648]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-8-21 30104]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-6-23 20104]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2011-7-23 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2011-7-23 21904]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2008-11-11 26192]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2008-11-11 11344]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2008-11-11 22608]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2008-9-4 16456]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2008-7-24 11352]
S3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2008-7-31 11336]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2008-6-13 11360]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2008-8-1 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2008-7-25 11344]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2008-7-31 11336]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2008-7-31 11336]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2008-7-29 11352]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2008-6-13 11360]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2008-7-23 11392]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [2007-4-4 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2007-4-4 151683]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2008-7-23 11360]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2008-7-23 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2008-7-30 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2008-12-16 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2008-12-16 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2008-6-25 20568]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2008-7-30 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2008-8-7 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2008-7-30 11344]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2008-7-30 11376]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2008-7-31 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2008-7-25 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2008-7-25 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2008-7-28 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2008-7-24 11360]
S3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2008-7-31 11368]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2008-6-20 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2008-6-20 11360]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2008-7-31 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2008-7-31 11336]
S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-8-21 11520]
.
=============== File Associations ===============
.
regfile="regedit.exe" "%1"
.
=============== Created Last 30 ================
.
2011-08-29 23:50:46 -------- d-----w- c:\documents and settings\faithlives\application data\AVG
2011-08-29 19:51:44 -------- d-----w- c:\program files\AVAST Software
2011-08-29 19:51:44 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-08-29 19:39:45 -------- d-----w- C:\AVGTemp
2011-08-29 18:45:18 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-08-14 17:43:27 61440 ----a-r- c:\documents and settings\faithlives\application data\microsoft\installer\{5f33c9b4-ddcd-4061-874e-e471310aeaae}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
2011-08-14 17:43:27 61440 ----a-r- c:\documents and settings\faithlives\application data\microsoft\installer\{5f33c9b4-ddcd-4061-874e-e471310aeaae}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe
2011-08-14 17:43:17 -------- d-----w- c:\program files\Serato
.
==================== Find3M ====================
.
2011-08-20 21:57:17 90112 ----a-w- c:\windows\DUMP7ba8.tmp
2006-05-03 17:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 18:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 20:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 20:15:06.96 ===============
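
Added example, not part of the original posts: a short Python triage pass over lines taken from the DDS log above. It flags a process image path written in NTFS `file:stream` notation, loopback proxy settings in Internet Explorer and Firefox, the Firefox address-bar search override, and loopback hosts entries. The function and finding names are made up for this example, and the checks are heuristics that point a helper at lines worth a closer look, not verdicts.

```python
import re
from typing import Dict, List, NamedTuple

# Lines copied from the DDS log in the first post (an excerpt, not the whole
# log; the keyword.URL query string is cut short after "provider=Bing").
DDS_EXCERPT = r"""
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\3543285177:1187171628.exe
C:\WINDOWS\Explorer.EXE
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:53414
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 53414
FF - prefs.js: network.proxy.type - 4
"""

LOOPBACK = r"(?:127(?:\.\d{1,3}){3}|localhost)"
# Drive path followed by a second colon and a name with no path separators:
# NTFS "file:stream" notation, i.e. the image runs from an alternate data stream.
ADS_IMAGE = re.compile(r"^([A-Za-z]:\\[^:]+):([^\\/:\s]+)$")
IE_PROXY = re.compile(r"ProxyServer = (?:\w+=)?(" + LOOPBACK + r"):(\d+)")
HOSTS = re.compile(r"^Hosts: (" + LOOPBACK + r")\s+(\S+)$")
FF_PREF = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")


class Finding(NamedTuple):
    kind: str
    detail: str


def triage(log: str) -> List[Finding]:
    """Return the DDS lines that deserve a closer look, in log order."""
    findings: List[Finding] = []
    ff: Dict[str, str] = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = ADS_IMAGE.match(line)
        if m:
            findings.append(
                Finding("ads-process", f"file={m.group(1)} stream={m.group(2)}"))
            continue
        m = IE_PROXY.search(line)
        if m:
            # DDS prints the value only; whether IE uses it depends on
            # ProxyEnable, which this log does not show.
            findings.append(
                Finding("ie-loopback-proxy", f"{m.group(1)}:{m.group(2)}"))
            continue
        m = HOSTS.match(line)
        if m and m.group(2).lower() != "localhost":
            findings.append(Finding("hosts-loopback", m.group(2)))
            continue
        m = FF_PREF.match(line)
        if m:
            ff[m.group(1)] = m.group(2).strip()

    host = ff.get("network.proxy.http", "")
    if re.fullmatch(LOOPBACK, host):
        port = ff.get("network.proxy.http_port", "?")
        ptype = ff.get("network.proxy.type", "unset")
        # Firefox applies the manual proxy only when network.proxy.type is 1.
        state = ("in use" if ptype == "1"
                 else f"not in use (network.proxy.type={ptype})")
        findings.append(
            Finding("firefox-loopback-proxy", f"{host}:{port} {state}"))
    if "keyword.URL" in ff:
        # keyword.URL is where address-bar searches are sent; report its host.
        target = re.sub(r"^h(?:tt|xx)ps?://", "", ff["keyword.URL"]).split("/")[0]
        findings.append(Finding("firefox-keyword-url", target))
    return findings


if __name__ == "__main__":
    for f in triage(DDS_EXCERPT):
        print(f"{f.kind:24} {f.detail}")
```
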
 
hi dillagent,

We can start with this:

Please download the free version of Malwarebytes to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
 
Shelf life thank you for trying to help me...
So I downloaded and installed Anti-Malware like you said....install went fine...update went fine....started a full scan....looks like it starts then it just disappears....it's not in processes or anything it's just gone...when I try to run it again....error message from Windows.....
"windows cannot access the specified device path or file. you may not have appropriate permission."

:(
 
We will get another download to use. You can save it to your desktop.

Download this file.

Next, using Explorer, locate the Malwarebytes folder in C:/Program Files and locate the mbam.exe icon inside the folder. Drag and drop this (mbam.exe) icon right on top of the inherit.exe you saved to your desktop. Malwarebytes should then start up and run. Do the full scan.
 
Shelf-life this is quite interesting:

I did what you asked. It came up with a dialog box saying



Finished!
OK



The ok was just a button.
 
I left off that after you get the "ok" then try running Malwarebytes again.
If the shortcut on the desktop doesn't launch it then repeat what you did before by dragging the mbam.exe icon in C:/Program Files/Malwarebytes onto inherit.exe, and after the "ok" double-click the mbam.exe icon and see if it launches ok.
 
Continued...denial

Shelf-life,

Sorry I haven't been able to follow up as I have been super busy. For now this PC stays mostly off the net cause I hate this virus....AVKillservice...but I see a lot of people have it...too bad they didn't have something to fix it I mean they probably do...obviously you are helping me....but damn it seems like a bitch of a virus cause it still isn't working I have tried several times. Inherit works to the point where it says finished OK...Click try to run it (scan) and it does the same thing (nothing).....what next?
 
hi,

PC stays mostly off the net
This is a good thing.
Try booting into safe mode, then use inherit. To reach safe mode you would tap the F8 key during a computer restart. Choose the first option from the list, safe mode. Log into your usual account.

While you are in safe mode you can do this too. You may want to copy/paste it into Notepad and save it so you can find it in safe mode:

Click Start>Run then type %temp%
Hit OK. Delete all the files you can.

Click Start>Run then type %windir%\temp
Hit OK. Delete all the files you can.

Empty your Temp folders. Go to Start > Run and type: cleanmgr. Windows will scan. When done check these 3 and press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

After the above if it works or not you can download combofix and run it. There is a guide to read first. You can read the guide on a different machine if you want to. Try running it after a normal boot up, if it gives problems try combofix in safe mode. Guide to using Combofix
 
FIXED! kind of

Shelf Life I was out of town for a few weeks and never got to post....

I was able to fix the problem with last hints you gave......

However AVG still does not work.....any idea how this recent malware affected my pc behavior?

As you remember I had an AVGkillservice thing....any ideas?
 
It's been a while. We are making progress. Read the guide on using combofix and go ahead with running that. If you have to, you can run combofix in safe mode. Post its log.
 
Everything is back to normal.

Shelflife Thanks for all your help! I need to make a donation to spybot! thank you
thank you thank you
 
That's good, but the reason behind running combofix is to get a closer look for malware the other scans may not have detected. Malware is going deeper and deeper into the operating system and is capable of hiding from scans.
 
That's good, but the reason behind running combofix is to get a closer look for malware the other scans may not have detected. Malware is going deeper and deeper into the operating system and is capable of hiding from scans.


Where do I get this combofix....? I saw several places...which one is the horse's mouth?
 
I guess I didn't post the link. There is a guide to read first. Read through the guide first then download combofix to your desktop and run it. Post the combofix log. The guide and download link:
Guide to using Combofix

Combofix may not run with AVG installed. AVG flags some of its files as threats. You will have to uninstall AVG via the add/remove programs panel, reboot then run combofix. This is a problem because of AVG, not combofix.
Once we are done you can reinstall AVG.
 
There is no link just for a Vista version if that's what you mean.

From the Guide:

At this time ComboFix can only run on the following Windows versions:

* Windows XP (32-bit only)
* Windows 2000 (32-bit only)
* Windows Vista (32-bit/64-bit)
* Windows 7 (32-bit/64-bit)

Under the topic "Using Combofix" you will find two download links.
Once you get it on your desktop, you may have to right-click on the icon and choose "run as Admin". You can "allow" if you get the UAC (user account control) prompts. UAC is a "security" feature built into Vista. If it's not turned on you won't get the prompts. If it is turned on then you will know what I am talking about, having seen it before.
 
Bad News Shelf life

So a few different things.
My computer is somehow still infected.

After much delay, I decided to run Combofix. But first I uninstalled AVG. Well I did a Google search, and just like before...my results got hijacked and I was redirected....so obviously I was cursing the air thinking I had it fixed!

Well anyway I managed to get combo fix and it ran...and found a zeroaccess rootkit or something like that. I don't know...the dialog box was gone before I knew it. It did say DON'T manually reboot. Let combo fix reboot. Now my computer is just sitting there. It hasn't rebooted....but there is no mouse and no icons or task bar.....so now what....?
 