
AntiVirusPro2010 + braviax?


This topic is locked
3 replies to this topic

#1 pnyknights


Posted 16 October 2009 - 06:37 PM

As mentioned in my intro post, my girlfriend's old P3 desktop has now been infected with what appears to be antivirus2010. Booting XP into normal, but then a message dialog soon pops up stating "[random legitimate program] cannot initialize as the Windows machine is shutting down." The only way to get the computer up is to boot in SAFE mode (the monitor resolution is horrible!!). I have followed some of the previous guides on this site. MBAM had previously found stuff and removed various files; however, when rebooting back into normal XP, the little PITA red X still shows up and the computer shuts down again. Please help. Thanks again all.



DDS (Ver_09-10-13.01) - NTFSx86 NETWORK
Run by Administrator at 19:12:15.36 on Fri 10/16/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383.207 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Documents and Settings\Administrator\Desktop\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sympatico.ca/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Update Manager] "c:\program files\rogers\update manager\UpdateManager.exe" /background
uRun: [SHS] "c:\program files\rogers\selfhealing\SHS.exe" /background
uRun: [RogersAgent] c:\program files\rogers\selfhealing\rogersagent.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [mserv] c:\documents and settings\administrator\application data\svcst.exe
uRun: [svchost] c:\documents and settings\administrator\application data\svcst.exe
uRun: [calc] rundll32.exe c:\docume~1\admini~1\ntuser.dll,_IWMPEvents@0
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_10\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [winupdate.exe] c:\windows\system32\winupdate.exe
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
StartupFolder: c:\documents and settings\administrator\start menu\programs\startup\scandisk.dll
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\scandisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\office.exe
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com.myaccess.library.utoronto.ca/lib/utoronto/support/plugins/ebraryRdr.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Filter: text/html - {38cab261-f234-4e89-9ec5-abd42e48a046} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\pn63zxrk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.10);user_pref(general.useragent.extra.zencast,
============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-16 108552]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2006-12-21 36224]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-16 335240]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-16 297752]
S3 BCM42XX;Broadcom iLine10™ Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [2006-12-21 54271]
S3 es1969;ESS 1969 Audio Driver (WDM);c:\windows\system32\drivers\es1969.sys [2007-1-6 72192]

=============== Created Last 30 ================

2009-10-16 18:51 831 a------- c:\windows\system32\critical_warning.html
2009-10-16 18:51 25,600 a--sh--- c:\windows\system32\calc.dll
2009-10-16 18:51 25,600 a--sh--- c:\documents and settings\administrator\ntuser.dll
2009-10-16 18:51 24,576 a------- c:\windows\system32\winupdate.exe
2009-10-16 18:50 24,576 a------- C:\nmihj.exe
2009-10-16 18:50 22,016 a------- C:\cwxa.exe
2009-10-16 18:50 273,920 a------- c:\docume~1\admini~1\applic~1\svcst.exe
2009-10-16 18:50 273,920 a------- c:\docume~1\admini~1\applic~1\seres.exe
2009-10-16 02:08 19,499 a------- c:\windows\ejijug.lib
2009-10-16 02:08 19,348 a------- c:\docume~1\admini~1\applic~1\fyjew.bin
2009-10-16 02:08 17,729 a------- c:\docume~1\alluse~1\applic~1\odufamopuh.bin
2009-10-16 02:08 17,595 a------- c:\windows\cito.dll
2009-10-16 02:08 17,438 a------- c:\windows\ewowa.dll
2009-10-16 02:08 14,983 a------- c:\windows\dylyk.pif
2009-10-16 02:08 12,224 a------- c:\windows\system32\ydomob.dl
2009-10-16 02:08 19,956 a------- c:\windows\system32\ojezyt.exe
2009-10-16 02:08 19,139 a------- c:\program files\common files\unakipecig.dat
2009-10-16 02:08 15,103 a------- c:\windows\system32\gawywaw.pif
2009-10-16 02:08 13,311 a------- c:\program files\common files\zyhir.sys
2009-10-16 02:08 12,253 a------- c:\windows\system32\ijusug.vbs
2009-10-15 23:35 30,208 a------- C:\iytcqy.exe
2009-10-15 23:35 9,216 a------- C:\svhkapw.exe
2009-10-15 23:33 0 a------- c:\windows\system32\NvApps.xml
2009-10-15 23:05 2,148 a------- c:\windows\system32\wpa.dbl
2009-10-15 21:40 <DIR> --d----- c:\windows\ERUNT
2009-10-15 21:39 <DIR> --d----- C:\SDFix
2009-10-15 21:30 <DIR> --d----- C:\_OTM
2009-10-14 22:24 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-10-14 22:24 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-14 22:24 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-14 22:24 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-14 22:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-14 20:43 91 a------- c:\windows\wininit.ini
2009-10-14 19:43 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-10-14 19:43 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-10-14 19:43 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-10-14 19:43 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-10-14 19:03 12,365 a------- c:\docume~1\alluse~1\applic~1\pidakireq.exe
2009-10-14 19:03 12,301 a------- c:\docume~1\alluse~1\applic~1\rucu.exe

==================== Find3M ====================

2009-10-16 02:08 14,575 a------- c:\program files\common files\ehuny.dl
2009-10-16 02:08 10,345 a------- c:\program files\common files\uvuzuzir._sy
2009-10-14 19:03 10,669 a------- c:\program files\common files\ilyjefym.inf
2009-10-14 19:03 17,232 a------- c:\program files\common files\ucyto.db
2009-10-14 19:03 19,244 a------- c:\program files\common files\loqukisew.ban
2009-08-15 12:01 11,952 a------- c:\windows\system32\avgrsstx.dll
2007-05-05 17:32 53 a------- c:\program files\Yahoo!

============= FINISH: 19:12:49.80 ===============


#2 pnyknights


Posted 27 October 2009 - 11:16 PM

Any help before I have to start pulling files off the drive?

#3 Blade81

Malware Response Team

Posted 28 October 2009 - 01:03 AM

Hi,

Sorry for delayed response. Forums have been really busy. Post a fresh dds log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#4 Blade81

Malware Response Team

Posted 06 November 2009 - 01:16 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
