
BLEEPING COMPUTER is right!


This topic is locked
4 replies to this topic

#1 kate benson

kate benson

  • Members
  • 2 posts
  • OFFLINE
  • Local time:04:29 AM

Posted 29 January 2009 - 01:01 PM

My computer started acting up at the beginning of this month. I kept getting pop-up ads every time I did a Google search, then for no reason odd websites would pop up... sometimes three in a row. Also my computer became very sluggish. I kept running AVG to see if I could clear anything up and ran rootkit scans... it found the seneka trojan but could not clear it. I took my PC in to get it professionally cleaned up, but it is still not acting like it used to; I KNOW I'm still infected. I googled seneka trojan and this is what I found: http://www.bleepingcomputer.com/forums/t/192693/senekatrojan/ I followed the steps until I tried to disable AVG, but it won't let me. PLEASE HELP!!! I am freaked out that I'm infected!

MY DDS:


DDS (Ver_09-01-07.01) - NTFSx86
Run by Katie at 10:10:22.15 on Thu 01/29/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2246 [GMT -7:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Katie\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3d0aa627-8f25-46bb-89f5-74a16de542f4} - c:\windows\system32\bisobobe.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: nnnnNGAs - nnnnNGAs.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli c:\windows\system32\metupuli.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\katie\applic~1\mozilla\firefox\profiles\fdzax5o4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net
FF - plugin: c:\documents and settings\katie\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - HiddenExtension: XUL Cache: {73B5A41A-B948-4479-9F88-E93A4C40FBA8} - c:\windows\system32\config\systemprofile\local settings\application data\{73b5a41a-b948-4479-9f88-e93a4c40fba8}\

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-11-20 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-20 325128]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver;c:\windows\system32\drivers\avgmfx86.sys [2008-1-9 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-20 107272]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2008-10-13 53752]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-10 903960]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-10 298264]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 FarStoneFireWallDrive;FarStoneFireWallDrive;c:\windows\system32\drivers\fardrive.sys --> c:\windows\system32\drivers\FarDrive.sys [?]
S3 X-Rite;X-Rite USB Service;c:\windows\system32\drivers\XrUsb.sys [2006-8-4 14936]

=============== Created Last 30 ================

2009-01-16 13:40 256 a------- c:\windows\adaway.lic
2009-01-16 12:42 --d----- c:\docume~1\katie\applic~1\Malwarebytes
2009-01-16 12:42 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-16 12:41 388,608 a------- c:\windows\system32\CF18546.exe
2009-01-16 12:41 --d----- C:\ComboFix
2009-01-16 12:40 388,608 a------- c:\windows\system32\CF18416.exe
2009-01-16 11:36 --d----- C:\DDR
2009-01-16 11:06 2,713 ---sh--- c:\windows\system32\zudeyuwi.dll
2009-01-15 03:08 --d----- c:\windows\Recent
2009-01-15 03:08 --d----- c:\windows\Cookies
2009-01-12 16:48 60,416 a------- c:\windows\ALCFDRTM.VER
2009-01-12 16:48 60,416 a------- c:\windows\ALCFDRTM.EXE
2009-01-10 13:15 664,279 a--sh--- c:\windows\system32\DKjSvGgh.ini
2009-01-10 13:15 369 a--sh--- c:\windows\system32\DKjSvGgh.ini2
2009-01-10 12:13 3 a------- c:\windows\system32\senekadf.dat.rmv.rmv
2009-01-10 12:13 59 a------- c:\windows\system32\seneka.dat.rmv.rmv
2009-01-10 12:08 34,035 a------- c:\windows\system32\senekalog.dat.rmv.rmv
2009-01-10 12:02 --d-h--- C:\$AVG8.VAULT$
2009-01-10 12:02 0 a------- c:\windows\system32\drivers\senekaumkncmju.sys.rmv.rmv
2008-12-30 21:16 --d----- c:\docume~1\katie\applic~1\Blackberry Desktop
2008-12-30 21:14 256 a------- c:\windows\system32\pool.bin
2008-12-30 21:14 --d----- c:\docume~1\katie\applic~1\Research In Motion
2008-12-30 20:54 --d----- c:\program files\Roxio
2008-12-30 20:54 --d----- c:\program files\common files\Sonic Shared
2008-12-30 20:49 26,496 a----r-- c:\windows\system32\drivers\RimSerial.sys
2008-12-30 20:48 --d----- c:\program files\common files\Research In Motion
2008-12-30 20:48 --d----- c:\program files\Research In Motion
2008-12-30 20:24 --d----- c:\program files\Trivial Pursuit Choice
2008-12-30 20:24 --d----- c:\docume~1\katie\applic~1\Hasbro

==================== Find3M ====================

2009-01-16 12:10 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-10 08:42 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-10 08:42 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-10 08:42 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2008-12-11 04:57 333,184 a------- c:\windows\system32\drivers\srv.sys
2007-10-01 11:56 6,016,952 a------- c:\program files\Firefox Setup 2.0.0.7.exe
2007-02-07 22:36 44,232 a------- c:\docume~1\katie\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 10:10:46.20 ===============







Then I have this result:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-07.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/22/2006 12:13:48 AM
System Uptime: 1/29/2009 8:32:18 AM (2 hours ago)

Motherboard: ASUSTeK Computer INC. | | A8N-SLI
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4200+ | Socket 939 | 2216/200mhz
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4200+ | Socket 939 | 2216/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 464 GiB total, 245.542 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (NTFS) - 466 GiB total, 463.899 GiB free.
J: is FIXED (NTFS) - 466 GiB total, 80.973 GiB free.
K: is FIXED (NTFS) - 298 GiB total, 17.535 GiB free.
L: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 1/16/2009 12:10:18 PM - Avg8 Update
RP2: 1/16/2009 12:10:53 PM - Avg8 Update
RP3: 1/19/2009 11:48:38 AM - System Checkpoint
RP4: 1/19/2009 12:41:08 PM - Software Distribution Service 3.0
RP5: 1/19/2009 12:51:11 PM - Software Distribution Service 3.0
RP6: 1/19/2009 12:57:41 PM - Software Distribution Service 3.0
RP7: 1/19/2009 1:53:53 PM - Software Distribution Service 3.0
RP8: 1/19/2009 2:26:06 PM - Installed Java™ 6 Update 7
RP9: 1/19/2009 4:38:54 PM - Removed Adobe Reader 8
RP10: 1/19/2009 4:49:49 PM - Installed Adobe Reader 9.
RP11: 1/19/2009 5:08:01 PM - Data Dr Completed Service
RP12: 1/20/2009 12:52:50 PM - Configured AutoBackup
RP13: 1/20/2009 3:28:34 PM - Removed Apple Mobile Device Support
RP14: 1/20/2009 3:32:27 PM - Removed PhotoImpression
RP15: 1/20/2009 3:34:03 PM - Configured EPSON Attach To Email
RP16: 1/21/2009 11:47:52 PM - System Checkpoint
RP17: 1/22/2009 7:16:22 PM - Software Distribution Service 3.0
RP18: 1/23/2009 7:35:44 PM - System Checkpoint
RP19: 1/24/2009 8:15:58 PM - System Checkpoint
RP20: 1/25/2009 9:14:26 PM - System Checkpoint
RP21: 1/26/2009 8:34:45 AM - Software Distribution Service 3.0
RP22: 1/27/2009 8:40:46 AM - System Checkpoint
RP23: 1/28/2009 8:53:28 AM - System Checkpoint
RP24: 1/29/2009 8:54:07 AM - Software Distribution Service 3.0

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
98SE
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Photoshop Lightroom
Adobe Reader 9
Adobe Shockwave Player
Adobe Stock Photos 1.0
Apple Software Update
Avery DesignPro
AVG 8.0
BlackBerry Desktop Software 4.3
Bonjour
CardRecovery
Comcast High-Speed Internet Install Wizard
Core FTP LE 1.3c
DigitImg
EPSON Copy Utility 3
EPSON Event Manager
EPSON Perfection V200 Photo Scanner Driver Update
EPSON Perfection V200P User's Guide
EPSON Scan
EPSON Scan Assistant
FinePixViewer Resource
FinePixViewer Ver.5.1
FreeAgent Pro Tools
FUJIFILM USB Driver
Google Earth
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Software Update
iTunes
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 2
Java™ 6 Update 7
JumpStart Advanced School Time
Logitech SetPoint
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MonacoOPTIX 2.0
Mozilla Firefox (3.0.5)
MozyHome Remote Backup
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
Napster Burn Engine
Nero Suite
NVIDIA Drivers
Photodex Presenter
Photosmart 140,240,7200,7600,7700,7900 Series
Pixel Creator Lite v3.5
PowerDVD
Presto! BizCard 4.1 Eng
ProShow Gold
PS7700
PSShortcuts
PSUsage
QuickBooks Pro 2008
QuickTime
Qwest eChat Support Tools
RAW FILE CONVERTER LE
Realtek AC'97 Audio
ROES.whcc
Roxio Media Manager
ScanToWeb
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Showit Web
Simply Canvas ROES
SupportSoft Assisted Service
Trivial Pursuit Digital Choice v1.2.5 for Windows XP/Vista
TuneClone 1.20
Update for Office 2007 (KB946691)
Update for Windows XP (KB904942)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
WinZip
XML Paper Specification Shared Components Pack 1.0
Zookbinders ROES

==== End Of File ===========================



Finally my GMER scan result:


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-29 10:29:50
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----


I am not computer savvy at ALL, but I need some serious help.
THANK YOU so much for this forum and I hope you get back with me soon. Thanks!
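The DDS output above is the kind of log a helper reads by eye, looking for a few recurring patterns: a BHO with no display name, a Winlogon Notify DLL or system32 file with a machine-generated-looking name, an extra LSA notification package beside `scecli`, a Firefox extension registered through HKLM outside the user's profile, and freshly created hidden+system files in system32. The following Python script is an added triage example, not part of this thread and not code from the DDS, GooredFix or ComboFix authors. The sample lines are copied from the log quoted above so the rules can be seen working; the name heuristic (`looks_generated`) and the rule set itself are assumptions about what deserves a closer look, not a verdict on any file.

```python
import re

# Constructed sample: a handful of lines copied from the DDS sections quoted in
# this thread (Pseudo HJT Report, FIREFOX, Created Last 30), not the full log.
SAMPLE_DDS = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3d0aa627-8f25-46bb-89f5-74a16de542f4} - c:\windows\system32\bisobobe.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: nnnnNGAs - nnnnNGAs.dll
LSA: Notification Packages = scecli c:\windows\system32\metupuli.dll
FF - HiddenExtension: XUL Cache: {73B5A41A-B948-4479-9F88-E93A4C40FBA8} - c:\windows\system32\config\systemprofile\local settings\application data\{73b5a41a-b948-4479-9f88-e93a4c40fba8}\
2009-01-16 13:40 256 a------- c:\windows\adaway.lic
2009-01-16 12:42 --d----- c:\docume~1\katie\applic~1\Malwarebytes
2009-01-16 11:06 2,713 ---sh--- c:\windows\system32\zudeyuwi.dll
2009-01-10 13:15 664,279 a--sh--- c:\windows\system32\DKjSvGgh.ini
"""

VOWELS = set("aeiou")


def looks_generated(basename):
    """Heuristic (an assumption of this example): flag 8-letter lowercase names
    that strictly alternate consonant/vowel, or names with 4+ repeated letters.
    A hit means 'look closer', not 'malicious'."""
    stem = basename.rsplit(".", 1)[0]
    if re.search(r"(.)\1{3,}", stem):
        return True
    if len(stem) == 8 and stem.isalpha() and stem.islower():
        classes = [c in VOWELS for c in stem]
        return all(classes[i] != classes[i + 1] for i in range(7))
    return False


def _basename(path):
    return path.rstrip("\\").rsplit("\\", 1)[-1]


# Line shapes as they appear in the DDS log above.
BHO_RE = re.compile(r"^BHO: (?:(?P<name>.+?): )?\{[0-9a-f-]+\} - (?P<path>.+)$", re.I)
NOTIFY_RE = re.compile(r"^Notify: (?P<key>\S+) - (?P<dll>\S+)$")
LSA_RE = re.compile(r"^LSA: Notification Packages = (?P<pkgs>.+)$")
FF_HIDDEN_RE = re.compile(r"^FF - HiddenExtension: .* - (?P<path>.+)$")
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?:[\d,]+ )?(?P<attr>[a-z-]{8}) (?P<path>.+)$"
)


def triage_dds(text):
    """Return (rule, path) pairs for log lines that deserve a human look."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := BHO_RE.match(line):
            # A BHO with no display name, or a generated-looking DLL name.
            if not m.group("name") or looks_generated(_basename(m.group("path"))):
                findings.append(("BHO with no display name or generated-looking DLL", m.group("path")))
        elif m := NOTIFY_RE.match(line):
            # Winlogon Notify DLLs load into winlogon; random names stand out.
            if looks_generated(m.group("dll")):
                findings.append(("Winlogon Notify DLL with generated-looking name", m.group("dll")))
        elif m := LSA_RE.match(line):
            # scecli is the stock package; anything else is loaded into lsass.
            for pkg in m.group("pkgs").split():
                if pkg.lower() != "scecli":
                    findings.append(("extra LSA notification package", pkg))
        elif m := FF_HIDDEN_RE.match(line):
            # Registered via HKLM rather than installed in the user's profile.
            findings.append(("Firefox extension registered via HKLM, outside the profile", m.group("path")))
        elif m := CREATED_RE.match(line):
            attr, path = m.group("attr"), m.group("path")
            # 's' and 'h' in the attribute column = system + hidden.
            if "s" in attr and "h" in attr and "\\system32\\" in path.lower():
                findings.append(("new hidden+system file in system32", path))
    return findings


if __name__ == "__main__":
    for rule, path in triage_dds(SAMPLE_DDS):
        print(f"[{rule}] {path}")
```

Run against the sample, the script reports six lines (the unnamed BHO, the `nnnnNGAs` Notify entry, the extra LSA package, the HKLM-registered Firefox extension, and the two hidden+system files) and stays quiet on the Adobe BHO, the AVG Notify DLL and the licence file, which is the split a helper would want before deciding what to ask for next.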

#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:01:29 PM

Posted 29 January 2009 - 03:51 PM

Hi,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

Then, please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.
Don't worry if you can't disable AVG and Combofix gives you a prompt. Just click ok to proceed with the scan, or scan from Windows safe mode.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 kate benson

kate benson
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:04:29 AM

Posted 02 February 2009 - 04:01 PM

Here is the result from GooredFix... I tried to go ahead with the ComboFix but a window kept popping up through AVG that said the access file was infected with a Trojan horse BackDoor.SmallX.VX. I don't know where to disable AVG like I was told to do prior to running the ComboFix. Any ideas?


GooredFix v1.83 by jpshortstuff
Log created at 13:44 on 02/02/2009 running Option #2 (Katie)
Firefox version 3.0.5 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{73B5A41A-B948-4479-9F88-E93A4C40FBA8}"="C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{73B5A41A-B948-4479-9F88-E93A4C40FBA8}\"
->Backing up value... Done.
->Deleting value... Done.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{73B5A41A-B948-4479-9F88-E93A4C40FBA8}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{1d5287d1-8a92-0001-1f31-1cec198018d8}"="C:\Program Files\AVG\AVG8\ToolbarFF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:01:29 PM

Posted 02 February 2009 - 04:24 PM

Hi,

To disable AVG:
Open the AVG 8 Control Center, by right clicking on the AVG 8 icon on task bar.

* Click on Tools.
* Select Advanced.
* In the left hand pane, scroll down to "Resident Shield".
* In the main pane, deselect the option to "Enable Resident Shield."
To re-enable AVG 8, please select "Enable Resident Shield" again.

If it still gives problems or won't properly disable, run Combofix from Windows safe mode.

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:01:29 PM

Posted 11 February 2009 - 07:15 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.