
AVCARE got me good



#1 JudgeSmails (Members, 26 posts)

Posted 12 August 2009 - 09:41 PM

Synopsis

Got AVCare; posted over at the junior section here:
http://www.bleepingcomputer.com/forums/ind...p;#entry1382199

They sent me here, where my post was number 10 above (it was reconsolidated back over there; guess I didn't quite make it to high school).

Was able to get the app to finally run in safe mode. Not sure if that gives you what you want, but I'm running out of options with this stuff. Didn't see the different post by orange B until after I got it to run. Files are attached and added in text below as requested. I did not yet try and download HJT as she noted (guessing it is a she) in post 11 in the thread listed above.

Awaiting your advise (or advice, if you're on this side of the pond).



DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Administrator at 22:23:17.28 on Wed 08/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.797 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Duane\Desktop\New Folder\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.Yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.fulldotfinds.com/pubac/ac.php?aid=158&sid=clean12
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IDTSysTrayApp] sttray.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_06\bin\jusched.exe"
mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [13517964] c:\documents and settings\all users\application data\13517964\13517964.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-20 108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-20 335752]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-20 27784]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-20 907032]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-20 298776]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-12-19 112128]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\3.tmp [2009-8-12 6144]

=============== Created Last 30 ================

2009-08-12 21:47 6,144 -------- c:\windows\system32\3.tmp
2009-08-12 21:47 6,144 -------- c:\windows\system32\2.tmp
2009-08-12 21:47 6,144 -------- c:\windows\system32\1.tmp
2009-08-12 21:47 <DIR> --d----- c:\program files\Sophos
2009-08-12 12:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\13517964
2009-08-12 11:49 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 11:49 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-12 11:49 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 11:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-11 20:10 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-11 20:09 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-11 09:39 140,288 a------- C:\fixvirals.exe
2009-08-11 09:06 <DIR> --dsh--- c:\documents and settings\administrator\PrivacIE
2009-08-11 09:05 <DIR> --dsh--- c:\documents and settings\administrator\IETldCache
2009-08-10 21:20 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-08-10 21:20 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-08-10 21:19 <DIR> --d----- c:\windows\ie8updates
2009-08-10 21:19 101,376 -------- c:\windows\system32\dllcache\iecompat.dll
2009-08-10 21:18 <DIR> -cd-h--- c:\windows\ie8
2009-08-10 19:49 <DIR> --d----- c:\documents and settings\administrator\Bluetooth Software
2009-08-10 19:49 <DIR> --d----- c:\docume~1\admini~1\applic~1\TMP
2009-08-10 19:49 <DIR> --d----- c:\documents and settings\Administrator
2009-08-09 22:00 <DIR> --d----- c:\windows\system32\Adobe
2009-08-08 08:47 <DIR> --d----- c:\program files\PixiePack Codec Pack
2009-08-08 08:44 <DIR> --d----- c:\program files\RapidSolution
2009-08-08 08:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RapidSolution
2009-08-08 08:42 <DIR> --d----- c:\windows\SxsCaPendDel
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-31 08:47 499,712 a------- c:\windows\system32\msvcp71.dll
2009-07-31 08:47 348,160 a------- c:\windows\system32\msvcr71.dll
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll

==================== Find3M ====================

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 17:12 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 13:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 12:12 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-06-29 07:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 07:18 92,928 a------- c:\windows\system32\drivers\ksecdd.sys
2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-23 22:37 2,101,158 a------- c:\program files\sc_setup.exe
2009-06-20 20:11 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-20 20:11 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 08:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 10:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 09:19 2,066,432 -------- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 02:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2007-02-12 20:10 2,705,744 -------- c:\documents and settings\all users\VCREDI~3.EXE
2008-06-24 13:17 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

============= FINISH: 22:25:43.65 ===============


#2 fenzodahl512 (Members, 6,738 posts)

Posted 13 August 2009 - 05:10 AM

Please show hidden files and folders

Find this folder and delete it manually..

c:\documents and settings\all users\application data\13517964


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:



It is important you rename Combofix during the download, but not after.

NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 JudgeSmails (Topic Starter, Members, 26 posts)

Posted 13 August 2009 - 11:49 AM

ComboFix 09-08-10.06 - Duane 08/13/2009 12:35.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.673 [GMT -4:00]
Running from: c:\documents and settings\Duane\Desktop\New Folder\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Duane\Desktop\System Security 2009.lnk
c:\documents and settings\Duane\Start Menu\Programs\System Security
c:\documents and settings\Duane\Start Menu\Programs\System Security\System Security
c:\recycler\S-1-5-21-319294890-3149517362-201515139-1003
c:\windows\run.log
c:\windows\system32\1.tmp
c:\windows\system32\2.tmp
c:\windows\system32\3.tmp
c:\windows\system32\4.tmp
c:\windows\system32\5.tmp
c:\windows\system32\6.tmp
c:\windows\system32\drivers\SKYNETygebkxrq.sys
c:\windows\system32\drivers\UACaisqtwfwfm.sys
c:\windows\system32\SKYNETesignbux.dll
c:\windows\system32\SKYNETknjjuxsu.dat
c:\windows\system32\SKYNETtxckmwtu.dat
c:\windows\system32\SKYNETuqurfonn.dll
c:\windows\system32\UACdwpbrviscn.dll
c:\windows\system32\UACinemvoktku.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UAClmltjqnqbv.dll
c:\windows\system32\UACqfdjtadxnp.dat
c:\windows\system32\UACtnabwndxin.dll
c:\windows\system32\UACxlahkvjmlo.db
c:\windows\system32\UACywycifvmvg.dll


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETsarurerp
-------\Legacy_SKYNETsarurerp
-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2


((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 01:47 . 2009-08-13 01:47 -------- d-----w- c:\program files\Sophos
2009-08-12 15:49 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 15:49 . 2009-08-12 23:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 15:49 . 2009-08-12 15:49 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-12 15:49 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 14:23 . 2009-08-12 14:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-12 00:09 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 00:08 . 2009-08-12 00:08 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-11 13:39 . 2009-08-11 13:35 140288 ----a-w- C:\fixvirals.exe
2009-08-11 13:06 . 2009-08-11 13:06 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-08-11 13:05 . 2009-08-11 13:05 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-11 01:24 . 2009-08-11 01:24 -------- d-sh--w- c:\documents and settings\Duane\PrivacIE
2009-08-11 01:24 . 2009-08-11 01:24 -------- d-sh--w- c:\documents and settings\Duane\IECompatCache
2009-08-11 01:22 . 2009-08-11 01:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-11 01:22 . 2009-08-11 01:22 -------- d-sh--w- c:\documents and settings\Duane\IETldCache
2009-08-11 01:20 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-11 01:20 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-11 01:19 . 2009-08-11 01:19 -------- d-----w- c:\windows\ie8updates
2009-08-11 01:19 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-08-11 01:18 . 2009-08-11 01:19 -------- dc-h--w- c:\windows\ie8
2009-08-10 10:56 . 2009-08-10 10:57 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AOL
2009-08-10 03:32 . 2009-08-10 03:32 -------- d-----w- c:\documents and settings\Duane\Application Data\Logs
2009-08-10 02:00 . 2009-08-10 02:00 -------- d-----w- c:\windows\system32\Adobe
2009-08-08 12:48 . 2009-08-08 12:48 -------- d-----w- c:\documents and settings\Duane\Local Settings\Application Data\RapidSolution
2009-08-08 12:47 . 2009-08-08 12:47 -------- d-----w- c:\program files\PixiePack Codec Pack
2009-08-08 12:44 . 2009-08-10 03:29 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\RapidSolution
2009-08-08 12:44 . 2009-08-08 12:44 -------- d-----w- c:\program files\RapidSolution
2009-08-08 12:42 . 2009-08-10 03:25 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-07 22:31 . 2009-08-07 22:31 -------- d-----w- c:\documents and settings\Duane\Local Settings\Application Data\WMTools Downloaded Files
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-31 12:47 . 2009-07-31 12:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-31 12:47 . 2009-07-31 12:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-19 22:22 . 2009-07-19 22:22 -------- d-----w- c:\windows\Sun
2009-07-17 19:01 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 00:16 . 2009-06-21 00:11 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-08-08 13:52 . 2009-06-23 10:35 270 ----a-w- c:\documents and settings\Duane\Application Data\wklnhst.dat
2009-08-08 09:23 . 2009-07-11 22:18 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-08-08 09:22 . 2009-07-11 22:18 -------- d-----w- c:\program files\DVDVideoSoft
2009-08-05 09:01 . 2008-04-15 04:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-19 01:55 . 2009-06-23 10:35 -------- d-----w- c:\documents and settings\Duane\Application Data\Template
2009-07-17 21:12 . 2009-06-21 00:11 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-17 19:01 . 2008-04-15 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2006-10-19 12:47 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 01:18 . 2009-07-12 01:18 -------- d-----w- c:\documents and settings\Duane\Application Data\Viewpoint
2009-07-12 00:22 . 2009-07-12 00:22 -------- d-----w- c:\program files\Smart FLV Converter
2009-07-09 21:53 . 2009-07-09 21:53 1915520 ----a-w- c:\documents and settings\Duane\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-03 17:09 . 2007-08-14 09:54 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2008-04-15 04:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-04-15 04:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2008-04-15 04:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2008-04-15 04:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2008-04-15 04:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2008-04-15 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 13:17 . 2008-12-19 08:02 -------- d-----w- c:\program files\Microsoft Works
2009-06-24 13:16 . 2009-06-24 13:16 -------- d-----w- c:\program files\Microsoft COMDisable
2009-06-24 11:18 . 2008-04-15 04:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-24 02:41 . 2009-06-24 02:38 -------- d-----w- c:\program files\SeaClear
2009-06-24 02:37 . 2009-06-24 02:37 2101158 ----a-w- c:\program files\sc_setup.exe
2009-06-21 00:11 . 2009-06-21 00:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-21 00:11 . 2009-06-21 00:11 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-21 00:11 . 2009-06-21 00:11 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-21 00:11 . 2009-06-21 00:11 -------- d-----w- c:\program files\AVG
2009-06-20 21:28 . 2009-06-20 21:28 48352 ----a-w- c:\documents and settings\Duane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-16 14:36 . 2008-04-15 04:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-04-15 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2008-04-15 04:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2008-04-15 04:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2008-04-15 04:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2008-04-15 04:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2008-04-15 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-30 442477]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-08-28 471040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1343488]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2008-07-08 439600]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-21 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"IDTSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2008-08-30 442477]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 604776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-21 00:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/20/2009 8:11 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/20/2009 8:11 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/20/2009 8:11 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/20/2009 8:11 PM 298776]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [12/19/2008 3:48 AM 112128]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-13517964 - c:\documents and settings\All Users\Application Data\13517964\13517964.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 12:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2532)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\IDT\WDM\stacsv.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2009-08-13 12:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 16:47

Pre-Run: 52,687,106,048 bytes free
Post-Run: 52,690,829,312 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

213 --- E O F --- 2009-08-12 10:41

#4 fenzodahl512 (Members, 6,738 posts)

Posted 13 August 2009 - 12:10 PM

If you know nothing about C:\fixvirals.exe file, just find it and delete it manually..

Then do below..

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
How's the computer now? :thumbup2:



#5 JudgeSmails (Topic Starter, Members, 26 posts)

Posted 13 August 2009 - 12:20 PM

Fixvirals was something I downloaded from AVG when this first hit. The file name was something else originally, but I had issues with it so I renamed it (not sure where I was told to do so, but it worked after that). It found a few things, but I knew I still had issues after looking at the registry. Hence why I posted here. I will delete it.

I'll try and get to eset and mbam as soon as possible.

Thanks for the quick reply.

#6 fenzodahl512 (Members, 6,738 posts)

Posted 13 August 2009 - 01:25 PM

Ok :thumbup2:



#7 JudgeSmails (Topic Starter, Members, 26 posts)

Posted 13 August 2009 - 08:15 PM

PC running much better now. Thanks for asking.

mbam:
Malwarebytes' Anti-Malware 1.40
Database version: 2616
Windows 5.1.2600 Service Pack 3

8/13/2009 8:45:33 PM
mbam-log-2009-08-13 (20-45-33).txt

Scan type: Full Scan (C:\|)
Objects scanned: 126172
Time elapsed: 27 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACdwpbrviscn.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACinemvoktku.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UAClmltjqnqbv.dll.vir (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACywycifvmvg.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\SKYNETygebkxrq.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACaisqtwfwfm.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E0F24961-02F2-45C4-9A86-797FFEC8BF9E}\RP1\A0008833.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E0F24961-02F2-45C4-9A86-797FFEC8BF9E}\RP1\A0008836.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E0F24961-02F2-45C4-9A86-797FFEC8BF9E}\RP1\A0008837.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E0F24961-02F2-45C4-9A86-797FFEC8BF9E}\RP1\A0008838.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E0F24961-02F2-45C4-9A86-797FFEC8BF9E}\RP1\A0008840.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E0F24961-02F2-45C4-9A86-797FFEC8BF9E}\RP1\A0008841.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


eset

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6048
# api_version=3.0.2
# EOSSerial=e9e265f00147754ea3df9d637b04a875
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-08-14 01:08:49
# local_time=2009-08-13 09:08:49 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 37 83 95 23469879062500
# scanned=36321
# found=0
# cleaned=0
# scan_time=775
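The DDS, ComboFix and MBAM logs in this thread share a fixed line format, so the indicators that were acted on (the random UAC*/SKYNET* file names in system32 that MBAM later labelled Trojan.TDSS, the all-numeric Run entry under Application Data that the helper had deleted by hand, and the ShellNext value pointing at a URL, which ComboFix reset to "iexplore") can be checked mechanically. The Python script below is an added example, not part of this thread or of any of the tools it mentions; the sample lines are copied from the logs posted above, and the name patterns are assumptions drawn from those logs only, not vendor signatures.

```python
"""Triage helper for DDS / ComboFix / MBAM style Windows log lines.

Added example: flags the three indicator classes this thread turned on.
Patterns are assumptions derived from the posted logs, not vendor signatures.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# 1. Random-looking TDSS names seen in the ComboFix "Other Deletions" list and
#    the MBAM detections: UAC<letters>.{dll,sys,dat,db} / SKYNET<letters>.*
#    The prefix is matched case-sensitively, so the lowercase "uacinit.dll"
#    from the same deletion list is deliberately NOT caught (precision first).
TDSS_NAME = re.compile(r"\\(UAC|SKYNET)[a-z]{6,12}\.(?:dll|sys|dat|db)\b")

# 2. DDS mRun/uRun line whose value name is purely numeric, like the
#    "[13517964]" entry the helper asked to be deleted by hand.
NUMERIC_RUN = re.compile(r"^[mu]Run:\s+\[(\d{5,})\]\s+(.+)$", re.IGNORECASE)

# 3. Internet Connection Wizard ShellNext pointing at a URL. After ComboFix
#    ran, the same line read "ShellNext = iexplore", so a hxxp:// value is odd.
SHELLNEXT = re.compile(r"ShellNext\s*=\s*(hxxps?://\S+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str      # which heuristic fired
    line_no: int   # 1-based line in the log text
    detail: str    # the matched path, value or URL


def triage(log_text: str) -> List[Finding]:
    """Run the three heuristics over every line; the first matching rule wins."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = TDSS_NAME.search(line)
        if m:
            findings.append(Finding("tdss-random-name", line_no, m.group(0).lstrip("\\")))
            continue
        m = NUMERIC_RUN.match(line)
        if m:
            name, path = m.groups()
            where = "under Application Data" if "application data" in path.lower() else "elsewhere"
            findings.append(Finding("numeric-run-entry", line_no, f"{name} -> {path} ({where})"))
            continue
        m = SHELLNEXT.search(line)
        if m:
            findings.append(Finding("shellnext-url", line_no, m.group(1)))
    return findings


def rule_counts(findings: List[Finding]) -> Dict[str, int]:
    """How many hits each heuristic produced (handy for a quick verdict)."""
    return dict(Counter(f.rule for f in findings))


# Constructed sample: lines copied from the DDS, ComboFix and MBAM logs in the
# thread, plus benign AVG/ctfmon lines to show the rules stay quiet on them.
SAMPLE_LOG = "\n".join([
    r"uStart Page = hxxp://www.Yahoo.com",
    r"uInternet Connection Wizard,ShellNext = hxxp://www.fulldotfinds.com/pubac/ac.php?aid=158&sid=clean12",
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r"mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe",
    r"mRun: [13517964] c:\documents and settings\all users\application data\13517964\13517964.exe",
    r"R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-20 108552]",
    r"c:\windows\system32\drivers\SKYNETygebkxrq.sys",
    r"c:\windows\system32\UACdwpbrviscn.dll",
    r"c:\windows\system32\uacinit.dll",
    r"C:\Qoobox\Quarantine\C\WINDOWS\system32\UACywycifvmvg.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.",
])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3}  {f.rule:<18}  {f.detail}")
    print(rule_counts(triage(SAMPLE_LOG)))
```

Run against a full DDS or ComboFix log, the script lists only the lines that match one of the three rules; the "uacinit.dll" miss in the sample shows the deliberate precision trade-off, so treat a clean run as "nothing matched these patterns", not as "clean".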

#8 fenzodahl512 (Members, 6,738 posts)

Posted 14 August 2009 - 12:38 AM

Looks good to me.. Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512



#9 JudgeSmails (Topic Starter, Members, 26 posts)

Posted 14 August 2009 - 12:53 AM

Thank you for your help. Everything seems to be operating smoothly now.



