Cannot run any antivirus, installed or online scan

#1 copycat


  Members
  • 21 posts
  • Local time:01:54 PM

Posted 24 February 2009 - 01:34 AM

Trying to fix my sister's computer remotely using TeamViewer :)
Sorry I cannot give you any more detailed information but she cannot tell me exactly when this starting happening.
What I can tell you is that seems that the virus/worm/trojan is blocking the internet conection, as I cannot visti panda, karspersky, avg, norton and more antivirus webpages that provide with online scan... :step4:
Also AVG 8 was running in my sisters computer when the infection happened, But if you are familiar with it... whe you rigth click on the AVG icon on the task bar it gives you three options, (Open, Update and Exit) well when i do that the first two are in light gray color and cannot be accessed. Also when starting wondows a windows pops uo saying that the service avgsomething.exe could not be started... This is what my sister told me but I havent seen it even after restaring the computer... maybe its because i am helping her remotely using teamviewer... :thumbup2:

I can also tell you that the internet explorer desktop icon is gone... i dont know why but its very suspicious, instead of it there is what I call a fake one.. it its also a internet explorer icon, but it is a shortcut... its not the one that you can rigth click on it and bring the internet options... this one its just a shortcut to IE.. :step1:

Also when I use windows explorer if i try to go to Tool, the "folder options" menu is gone! :step5:

Thanks in advance

DDS (Ver_09-02-01.01) - NTFSx86
Run by Coatza at 0:10:23.54 on 24/02/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.2046.1525 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\Archivos de programa\Skype\Plugin Manager\skypePM.exe
C:\Archivos de programa\TeamViewer3\TeamViewer.exe
C:\Documents and Settings\Coatza\Escritorio\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com.mx/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\coatza\injwinv.exe \s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\archivos de programa\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\archivos de programa\skype\toolbars\internet explorer\SkypeIEPlugin.dll
TB: PDF de Adobe: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: GamesBar: {6f282b65-56bf-4bd1-a8b2-a4449a05863d} - c:\archivos de programa\gamesbar\oberontb.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\archivos de programa\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Picasa Media Detector] c:\mi pc\picasa2\PicasaMediaDetector.exe
uRun: [FILMCOPY] c:\docume~1\coatza\datosd~1\eqsoap~1\CAKEUSER.exe
uRun: [ares] "c:\archivos de programa\ares\Ares.exe" -h
uRun: [TaskMon] c:\windows\system32\taskmon.exe
uRun: [12CFG914-K641-26SF-N32P] c:\recycler\s-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [axis love poll lite] c:\documents and settings\all users\datos de programa\each new axis love\Lite Bold.exe
mRun: [LogMeIn GUI] "c:\archivos de programa\logmein\x86\LogMeInSystray.exe"
mRun: [QuickTime Task] "c:\archivos de programa\quicktime\qttask.exe" -atboottime
mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [LifeCam] "c:\archivos de programa\microsoft lifecam\LifeExp.exe"
mRun: [ATIPTA] c:\archivos de programa\ati technologies\ati control panel\atiptaxx.exe
mRun: [HydraVisionDesktopManager] c:\archivos de programa\ati technologies\ati hydravision\HydraDM.exe
mRun: [Windows UDP Control Center] fxstaller.exe
mRun: [Avast Service] ashrv.exe
mRun: [AntiVir AntiRootkit] avirakd.exe
mRun: [Avast AutoBackup] avgamsav.exe
mRun: [AVG AntiVirus Screener] AVG AntiVirus Screener
mRun: [Avast Updater] Avast Updater
mRun: [AVG AntiVirus Service] avgupser.exe
mRun: [Avast Servicer] avgwserv.exe
mRun: [AVG AntiVirus Console] AVG AntiVirus Console
mRun: [AVG AntiVirus Control] AVG AntiVirus Control
mRun: [Avast Display] ashdesp.exe
mRun: [AntiVir Control Center] avcntr.exe
mRun: [Avast MailWatcher] ashmailsa.exe
mRun: [Avast Management] Avast Management
mRun: [AntiVir Guard Service] avgrdr.exe
mRun: [Avast WebWatch] ashwebsa.exe
mRun: [AntiVir Management] avgmnt.exe
mRun: [SunJavaUpdateSched] "c:\archivos de programa\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\archiv~1\avg\avg8\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoFolderOptions = 1 (0x1)
IE: &Search - ?p=ZJxdm130YYMX
IE: Abrir cliente a monitor &1 - c:\windows\web\AOpenClient.htm
IE: Abrir cliente a monitor &2 - c:\windows\web\AOpenClient.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Convertir a PDF de Adobe - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir a PDF existente - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir destino de vínculo a PDF existente - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir destino de vínculo en archivo PDF de Adobe - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir selección a archivo PDF existente - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir selección a PDF de Adobe - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir vínculos seleccionados a PDF de Adobe - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir vínculos seleccionados a PDF existente - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - c:\archivos de programa\gamesbar\oberontb.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\archivos de programa\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~3\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\archivos de programa\archivos comunes\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://mycanivalcity.spaces.live.com//PhotoUpload/MsnPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/ES-MX/a-UNO1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131255207500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\archivos de programa\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\archiv~1\archiv~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\coatza\datosd~1\mozilla\firefox\profiles\v37kxjha.default\
FF - plugin: c:\archivos de programa\microsoft\office live\npOLW.dll
FF - plugin: c:\documents and settings\all users\datos de programa\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\mi pc\picasa2\npPicasa2.dll

============= SERVICES / DRIVERS ===============

R0 lcyqacfr;lcyqacfr;c:\windows\system32\drivers\lcyqacfr.sys [2009-2-18 34016]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-23 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-23 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-23 107272]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-2-19 46112]
S2 avg8wd;AVG Free8 WatchDog;c:\archiv~1\avg\avg8\avgwdsvc.exe [2009-2-23 298264]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\archivos de programa\logmein\x86\rainfo.sys --> c:\archivos de programa\logmein\x86\RaInfo.sys [?]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-8-9 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-8-9 85696]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [2007-4-4 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [2007-4-4 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [2007-4-4 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [2007-4-4 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [2007-4-4 82864]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-02-23 22:55 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-23 22:55 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-23 22:55 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-23 22:55 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-23 22:30 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-23 22:30 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-23 21:48 <DIR> --d----- c:\docume~1\coatza\datosd~1\AVGTOOLBAR
2009-02-23 20:54 <DIR> --d----- c:\windows\SxsCaPendDel
2009-02-23 20:27 11,776 a---h--- c:\documents and settings\coatza\injwinv.exe
2009-02-20 17:25 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-02-19 21:12 11,264 a---h--- c:\documents and settings\coatza\cdo.exe
2009-02-19 15:17 62,464 ---shr-- c:\windows\system32\avgmnt.exe
2009-02-18 15:39 34,016 a------- c:\windows\system32\drivers\lcyqacfr.sys
2009-02-18 15:38 62,464 ---shr-- c:\windows\system32\ashwebsa.exe
2009-02-18 15:38 62,464 ---shr-- c:\windows\system32\avgrdr.exe
2009-02-18 15:37 62,464 ---shr-- c:\windows\system32\avgemd.exe
2009-02-18 15:37 62,464 ---shr-- c:\windows\system32\ashmailsa.exe
2009-02-18 15:37 62,464 ---shr-- c:\windows\system32\avcntr.exe
2009-02-18 15:37 62,464 ---shr-- c:\windows\system32\ashdesp.exe
2009-02-18 15:37 11,264 a---h--- c:\documents and settings\coatza\rxu.exe
2009-02-18 15:37 67,072 ----h--- c:\windows\system32\secupdat.dat
2009-02-18 15:37 50,560 a------- c:\windows\system32\drivers\ndisio.sys
2009-02-18 15:36 62,464 ---shr-- c:\windows\system32\avgectr.exe
2009-02-18 15:36 62,464 ---shr-- c:\windows\system32\avgegui.exe
2009-02-18 15:36 62,464 ---shr-- c:\windows\system32\avgwserv.exe
2009-02-18 15:36 62,464 ---shr-- c:\windows\system32\avgupser.exe
2009-02-18 15:36 62,464 ---shr-- c:\windows\system32\aswupdsr.exe
2009-02-18 15:36 62,464 ---shr-- c:\windows\system32\avgscr.exe
2009-02-18 15:36 62,464 ---shr-- c:\windows\system32\avgamsav.exe
2009-02-18 15:36 62,464 ---shr-- c:\windows\system32\avirakd.exe
2009-02-18 15:35 62,464 ---shr-- c:\windows\system32\ashrv.exe
2009-02-11 00:02 <DIR> --d----- C:\7fc347bd747969ef9c7db92281863b3b

==================== Find3M ====================

2009-02-23 23:02 470,562 a------- c:\windows\system32\perfh00A.dat
2009-02-23 23:02 83,724 a------- c:\windows\system32\perfc00A.dat
2009-01-16 21:05 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-31 17:04 691,560 a------- c:\windows\system32\OGACheckControl.dll
2008-12-31 17:04 528,744 a------- c:\windows\system32\OGAVerify.exe
2008-12-31 17:04 502,120 a------- c:\windows\system32\OGAAddin.dll
2008-12-20 16:47 826,368 a------- c:\windows\system32\wininet.dll
2008-12-20 16:47 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2008-12-20 16:47 1,160,192 a------- c:\windows\system32\dllcache\urlmon.dll
2008-12-20 16:47 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2008-12-20 16:47 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2008-12-20 16:47 105,984 -------- c:\windows\system32\dllcache\url.dll
2008-12-20 16:47 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2008-12-20 16:47 102,912 -------- c:\windows\system32\dllcache\occache.dll
2008-12-20 16:47 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2008-12-20 16:47 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2008-12-19 03:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 03:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-18 23:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-18 23:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 04:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-11-23 13:09 32,768 a--sh--- c:\windows\system32\config\systemprofile\configuración local\historial\history.ie5\mshist012008112320081124\index.dat

============= FINISH: 0:11:28.29 ===============

Attached Files

#2 kahdah


  Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:02:54 PM

Posted 08 March 2009 - 10:18 AM

Hello copycat

Welcome to BleepingComputer :thumbup2:
If you are still in need of assistance please post a new DDs log.
