Pop up virus


  • This topic is locked
8 replies to this topic

#1 jonnychapman

jonnychapman

  • Members
  • 4 posts

Posted 05 November 2009 - 07:31 AM

Hi,

I use Firefox as my browser. I have a virus that results in a new Firefox window opening and trying to go to a site called Free Video Dictionary at [Removed link].

I have tried scans in both AVG9 and Microsoft Security Essentials, in both normal mode and safe mode. The problems did appear at about the same time I upgraded to AVG9. The normal scan found a number of trojans, and AVG then required the computer to restart. It didn't appear to resolve the problem though. Some of the trojans appeared to be in AVG files. I've also tried scans with Max Spyware Detector and a-squared without success. I'm using Vista (32-bit) and Comodo as my firewall. I regularly run CCleaner and I'm fully backed up.

I've tried to run RootRepeal three times; however, it keeps freezing whilst scanning. I've tried reinstalling, but the same happens. Sorry, no results attached from RootRepeal.

Thanks in advance for any help you can give....

Jonny


DDS (Ver_09-10-26.01) - NTFSx86
Run by Jonny at 0:01:23.12 on 05/11/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.835 [GMT 0:00]

SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1197018687\ee\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Max Registry Cleaner\MaxLURC.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\Program Files\Max Spyware Detector\MaxSDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Pantone\huey\hueyTray.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Max Spyware Detector\MaxActMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Max Registry Cleaner\RCVistaService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Program Files\Max Spyware Detector\MaxSDUI.exe
C:\Users\Jonny\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.euro.dell.com/countries/uk/enu/gen/default.htm
uSearch Bar = res://c:\program files\copernic agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\google\google_bae\BAE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [EPSON Stylus DX5000 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibve.exe /fu "c:\windows\temp\E_SDE5.tmp" /EF "HKCU"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [EPSON Stylus DX4400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu "c:\windows\temp\E_S3D66.tmp" /EF "HKCU"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HostManager] c:\program files\common files\aol\1197018687\ee\AOLSoftware.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [toolbar_eula_launcher] c:\program files\packard bell\google_eula\EULALauncher.exe
mRun: [RCAutoLiveUpdate] c:\program files\max registry cleaner\MaxLURC.exe -AUTO
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [<NO NAME>]
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
mRun: [RCSystemTray] c:\program files\max registry cleaner\MaxRCSystemTray.exe
mRun: [SDActiveMonitor] c:\program files\max spyware detector\MaxSDTray.exe "-AUTO"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [COMODO Internet Security] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hueytray.lnk - c:\program files\pantone\huey\hueyTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
TCP: {A7713263-4978-4159-B252-9E0049A87B1B} = 212.139.132.10 212.139.132.11
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: SDNotify - c:\program files\max spyware detector\SDNotify.dll
AppInit_DLLs: c:\windows\system32\guard32.dll,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jonny\appdata\roaming\mozilla\firefox\profiles\zvbx7s6t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npImgCtl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-4 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-4 360584]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-4-4 128888]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-4-4 29520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-4 285392]
R2 MaxWatchDogService;MaxWatchDogService;c:\program files\max spyware detector\MaxWatchDogService.exe [2009-10-13 426928]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2009-7-20 935208]
R2 RCVistaSvc;RCVistaSvc;c:\program files\max registry cleaner\RCVistaService.exe [2009-3-17 1515440]
R2 SrvCDEject;SrvCDEject;c:\program files\packard bell\SrvCDEject.exe [2007-12-7 613376]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2007-12-7 1116800]
R3 SDActMon;SDActMon;c:\program files\max spyware detector\SDActMon.sys [2009-10-13 30128]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2007-12-7 13976]
S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\drivers\adildr.sys [2007-12-20 56088]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2008-2-7 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2008-2-7 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2008-2-7 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2008-2-7 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2008-2-7 98568]

=============== Created Last 30 ================

2009-11-04 23:58:48 0 d-----w- c:\program files\Trend Micro
2009-11-04 19:34:06 0 d--h--w- C:\$AVG
2009-11-04 19:34:02 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-04 19:34:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-04 19:33:47 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-04 19:33:38 0 d-----w- c:\windows\system32\drivers\Avg
2009-11-04 19:33:31 0 d-----w- c:\programdata\avg9
2009-11-04 14:18:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-11-03 23:22:37 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-03 23:22:31 0 d-----w- c:\users\jonny\appdata\roaming\SUPERAntiSpyware.com
2009-11-03 23:22:31 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-02 22:33:27 130 ----a-w- c:\windows\cfplogvw.INI
2009-11-01 21:38:07 194128 ----a-w- c:\windows\adiras.exe
2009-10-30 12:50:52 143360 ----a-w- c:\windows\system32\GetHardDiskNo.dll
2009-10-28 13:14:04 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 13:14:02 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-20 11:07:03 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-20 11:06:49 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-20 11:06:45 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-20 11:06:45 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-17 16:32:48 9092032 ----a-w- c:\program files\windows-kb890830-v3.0.exe
2009-10-14 17:51:32 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 17:51:27 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 17:51:27 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 17:45:44 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 17:45:42 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 17:45:39 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-13 11:46:26 389488 ----a-w- c:\program files\OGAPluginInstall.exe
2009-10-13 11:10:11 0 d-----w- c:\program files\Max Spyware Detector

==================== Find3M ====================

2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 14:01:13 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-24 17:21:34 502272 ----a-w- c:\windows\system32\CheckDll.dll
2009-09-19 15:14:35 179792 ----a-w- c:\windows\system32\guard32.dll
2009-09-19 15:14:34 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-09-19 15:14:34 128888 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-09-18 10:53:48 51200 ----a-w- c:\windows\inf\infpub.dat
2009-09-18 10:53:47 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-09-18 10:53:45 143360 ----a-w- c:\windows\inf\infstor.dat
2009-09-15 17:52:06 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-15 17:03:55 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-13 20:26:10 1146184 ----a-w- c:\program files\wlsetup-web.exe
2009-08-31 17:14:47 250811 ----a-w- c:\program files\Dornier DO17z.pdf
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 11:34:39 7658952 ----a-w- c:\program files\daemon4304-lite.exe
2009-08-18 09:57:53 57187288 ----a-w- c:\program files\Nero-9.4.12.3_free.exe
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2008-07-05 20:56:36 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-07-06 22:23:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008070620080707\index.dat
2007-12-07 16:47:03 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 0:03:00.75 ===============

Edited by garmanma, 05 November 2009 - 12:07 PM.



#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 10 November 2009 - 04:37 AM

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 jonnychapman

jonnychapman
  • Topic Starter

  • Members
  • 4 posts

Posted 10 November 2009 - 03:37 PM

Hi,

Thanks for taking the time to help...

Firstly, I've attached a new DDS log as requested. Since the original post, AVG carried out a scheduled scan. I've cut and pasted the virus results it found after the DDS results. AVG doesn't appear to have removed the virus though, and the pop-ups continue. AVG counts 44 viruses in total. I hope this info is helpful; apologies if it is not.

Kind regards

Jonny


DDS (Ver_09-10-26.01) - NTFSx86
Run by Jonny at 20:24:16.84 on 10/11/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.952 [GMT 0:00]

SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\a-squared Free\a2service.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Max Spyware Detector\MaxActMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1197018687\ee\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Max Registry Cleaner\RCVistaService.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\Program Files\Max Spyware Detector\MaxSDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Pantone\huey\hueyTray.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jonny\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.euro.dell.com/countries/uk/enu/gen/default.htm
uSearch Bar = res://c:\program files\copernic agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\google\google_bae\BAE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [EPSON Stylus DX5000 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibve.exe /fu "c:\windows\temp\E_SDE5.tmp" /EF "HKCU"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [EPSON Stylus DX4400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu "c:\windows\temp\E_S3D66.tmp" /EF "HKCU"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HostManager] c:\program files\common files\aol\1197018687\ee\AOLSoftware.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [toolbar_eula_launcher] c:\program files\packard bell\google_eula\EULALauncher.exe
mRun: [RCAutoLiveUpdate] c:\program files\max registry cleaner\MaxLURC.exe -AUTO
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [<NO NAME>]
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
mRun: [RCSystemTray] c:\program files\max registry cleaner\MaxRCSystemTray.exe
mRun: [SDActiveMonitor] c:\program files\max spyware detector\MaxSDTray.exe "-AUTO"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [COMODO Internet Security] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hueytray.lnk - c:\program files\pantone\huey\hueyTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
TCP: {A7713263-4978-4159-B252-9E0049A87B1B} = 212.139.132.10 212.139.132.11
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: SDNotify - c:\program files\max spyware detector\SDNotify.dll
AppInit_DLLs: c:\windows\system32\guard32.dll,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jonny\appdata\roaming\mozilla\firefox\profiles\zvbx7s6t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npImgCtl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-4 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-4 360584]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-4-4 128888]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-4-4 29520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-4 285392]
R2 MaxWatchDogService;MaxWatchDogService;c:\program files\max spyware detector\MaxWatchDogService.exe [2009-10-13 426928]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2009-7-20 935208]
R2 RCVistaSvc;RCVistaSvc;c:\program files\max registry cleaner\RCVistaService.exe [2009-3-17 1515440]
R2 SrvCDEject;SrvCDEject;c:\program files\packard bell\SrvCDEject.exe [2007-12-7 613376]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2007-12-7 1116800]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2007-12-7 13976]
S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\drivers\adildr.sys [2007-12-20 56088]
S3 QJCSH;QJCSH;c:\users\jonny\appdata\local\temp\QJCSH.exe [2009-11-5 392064]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2008-2-7 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2008-2-7 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2008-2-7 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2008-2-7 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2008-2-7 98568]
S3 SDActMon;SDActMon;c:\program files\max spyware detector\SDActMon.sys [2009-10-13 30128]
S3 XXZ;XXZ;c:\users\jonny\appdata\local\temp\XXZ.exe [2009-11-5 387968]

=============== Created Last 30 ================

2009-11-05 11:10:16 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-04 23:58:48 0 d-----w- c:\program files\Trend Micro
2009-11-04 19:34:06 0 d--h--w- C:\$AVG
2009-11-04 19:34:02 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-04 19:34:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-04 19:33:47 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-04 19:33:38 0 d-----w- c:\windows\system32\drivers\Avg
2009-11-04 19:33:31 0 d-----w- c:\programdata\avg9
2009-11-04 14:18:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-11-03 23:22:37 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-03 23:22:31 0 d-----w- c:\users\jonny\appdata\roaming\SUPERAntiSpyware.com
2009-11-03 23:22:31 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-02 22:33:27 130 ----a-w- c:\windows\cfplogvw.INI
2009-11-01 21:38:07 194128 ----a-w- c:\windows\adiras.exe
2009-10-30 12:50:52 143360 ----a-w- c:\windows\system32\GetHardDiskNo.dll
2009-10-28 13:14:04 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 13:14:02 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-20 11:07:03 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-20 11:06:49 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-20 11:06:45 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-20 11:06:45 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-17 16:32:48 9092032 ----a-w- c:\program files\windows-kb890830-v3.0.exe
2009-10-14 17:51:32 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 17:51:27 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 17:51:27 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 17:45:44 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 17:45:42 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 17:45:39 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-13 11:46:26 389488 ----a-w- c:\program files\OGAPluginInstall.exe
2009-10-13 11:10:11 0 d-----w- c:\program files\Max Spyware Detector

==================== Find3M ====================

2009-11-05 14:31:24 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-24 17:21:34 502272 ----a-w- c:\windows\system32\CheckDll.dll
2009-09-19 15:14:35 179792 ----a-w- c:\windows\system32\guard32.dll
2009-09-19 15:14:34 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-09-19 15:14:34 128888 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-09-18 10:53:48 51200 ----a-w- c:\windows\inf\infpub.dat
2009-09-18 10:53:47 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-09-18 10:53:45 143360 ----a-w- c:\windows\inf\infstor.dat
2009-09-15 17:52:06 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-15 17:03:55 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-13 20:26:10 1146184 ----a-w- c:\program files\wlsetup-web.exe
2009-08-31 17:14:47 250811 ----a-w- c:\program files\Dornier DO17z.pdf
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 11:34:39 7658952 ----a-w- c:\program files\daemon4304-lite.exe
2009-08-18 09:57:53 57187288 ----a-w- c:\program files\Nero-9.4.12.3_free.exe
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2008-07-05 20:56:36 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-07-06 22:23:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008070620080707\index.dat
2007-12-07 16:47:03 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:26:00.28 ===============

AVG results....

"C:\Windows\System32\taskeng.exe (2272):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Windows\System32\taskeng.exe (2272)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Windows\System32\rundll32.exe (3752):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Windows\System32\rundll32.exe (3752)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Windows\System32\dwm.exe (2184):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Windows\System32\dwm.exe (2184)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Windows\RtHDVCpl.exe (3476):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Windows\RtHDVCpl.exe (3476)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Windows\explorer.exe (2348):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Windows\explorer.exe (2348)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Windows Sidebar\sidebar.exe (812):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Windows Sidebar\sidebar.exe (812)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Windows Sidebar\sidebar.exe (3788):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Windows Sidebar\sidebar.exe (3788)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Pantone\huey\hueyTray.exe (3904):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Pantone\huey\hueyTray.exe (3904)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Max Spyware Detector\MaxSDTray.exe (3704):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Max Spyware Detector\MaxSDTray.exe (3704)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe (3688):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe (3688)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Kontiki\KHost.exe (3588):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Kontiki\KHost.exe (3588)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\iTunes\iTunesHelper.exe (3724):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\iTunes\iTunesHelper.exe (3724)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe (3664):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe (3664)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\COMODO\Firewall\cfp.exe (3764):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\COMODO\Firewall\cfp.exe (3764)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (3496):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (3496)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (4572):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (4572)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (3812):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (3812)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Common Files\aol\1197018687\ee\aolsoftware.exe (3488):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\Common Files\aol\1197018687\ee\aolsoftware.exe (3488)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\AVG\AVG9\avgui.exe (5308):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\AVG\AVG9\avgui.exe (5308)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\AVG\AVG9\avgtray.exe (3772):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\AVG\AVG9\avgtray.exe (3772)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\AVG\AVG9\avgscanx.exe (6080):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\AVG\AVG9\avgscanx.exe (6080)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\AVG\AVG9\avgcsrvx.exe (5212):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\AVG\AVG9\avgcsrvx.exe (5212)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"

Attached file: DDS.txt (16.54 KB)

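Two of the services in the DDS log above, QJCSH and XXZ, are demand-start entries whose image sits in the user's %TEMP% folder, carries a meaningless name that is reused as the display name, and is dated the same day as the log. The script below is an added example, not part of the original post and not part of DDS: it parses service entries in the format DDS prints and flags the ones that match generic triage rules. The sample lines are constructed from the shape of the log, and the scoring rules (temp-directory image, short all-caps name, file age, user-mode .exe outside the system roots) are this example's own assumptions, not something DDS or AVG reports.

```python
import re
from datetime import date

# Constructed sample in the shape DDS prints its service list (a handful of entries modelled
# on the log above, not the full list). Prefix: R = running, S = stopped; the digit is the
# Windows start type (2 = automatic, 3 = manual).
SAMPLE_SERVICES = r"""
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2007-12-7 13976]
S3 QJCSH;QJCSH;c:\users\jonny\appdata\local\temp\QJCSH.exe [2009-11-5 392064]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2008-2-7 83208]
S3 SDActMon;SDActMon;c:\program files\max spyware detector\SDActMon.sys [2009-10-13 30128]
S3 XXZ;XXZ;c:\users\jonny\appdata\local\temp\XXZ.exe [2009-11-5 387968]
"""

# One DDS service line: "<R|S><start> <name>;<display>;<path> [<YYYY-M-D> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<created>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)

# Assumed triage rules: a service image has no business living in a temp directory,
# and a user-mode .exe normally lives under one of the system roots.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\temp\\")
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\")

def parse_date(s):
    """DDS writes dates as YYYY-M-D without zero padding."""
    y, m, d = (int(x) for x in s.split("-"))
    return date(y, m, d)

def parse_services(text):
    """Return one dict per service line that matches the DDS format; other lines are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["created"] = parse_date(e["created"])
            e["size"] = int(e["size"])
            entries.append(e)
    return entries

def assess(entry, log_date):
    """Return the reasons an entry looks suspicious; an empty list means nothing to flag."""
    reasons = []
    path = entry["path"].lower()
    if any(t in path for t in TEMP_DIRS):
        reasons.append("image lives in a temp directory")
    if entry["display"] == entry["name"] and entry["name"].isupper() and len(entry["name"]) <= 8:
        reasons.append("short all-caps name reused as the display name")
    if (log_date - entry["created"]).days <= 1:
        reasons.append("image dated within a day of the log")
    if path.endswith(".exe") and not path.startswith(SYSTEM_ROOTS):
        reasons.append("user-mode .exe registered as a service outside Windows/Program Files")
    return reasons

def triage(text, log_date):
    """Map each flagged service name to its reasons, most reasons first.
    log_date is the DDS run date as a string in DDS form, e.g. "2009-11-5"."""
    log_date = parse_date(log_date)
    flagged = {}
    for e in parse_services(text):
        reasons = assess(e, log_date)
        if reasons:
            flagged[e["name"]] = reasons
    return dict(sorted(flagged.items(), key=lambda kv: -len(kv[1])))

if __name__ == "__main__":
    for name, why in triage(SAMPLE_SERVICES, "2009-11-5").items():
        print(f"{name}: " + "; ".join(why))
```

Run against the constructed sample, only QJCSH and XXZ come back, each with all four reasons; the legitimate drivers and the Max Spyware Detector service trip none of the rules. The rules are deliberately cheap and generic so the same script can be pointed at the full DDS service section; a hit is a lead for the analyst, not a verdict.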

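The AVG results above do not name a single infected file: the same detection (Agent_r.OT) is reported in a memory region at the same offset (memory_00010000) in every running process, including AVG's own scanner and the Comodo firewall. That pattern is consistent with code injected into running processes rather than with infected executables on disk, which is why terminating the processes and rebooting does not remove whatever re-injects it. The script below is an added example, not part of the original post and not AVG's code: it parses rows in AVG's semicolon-separated export format and summarizes, per detection name, how many distinct processes and memory regions are hit and whether any security tool is among them. The sample rows are constructed from a few of the lines above; the injection heuristic and the list of security-tool path fragments are assumptions of this example.

```python
import csv
import re
from collections import defaultdict

# Constructed sample in the shape of AVG's semicolon-separated export (a few rows in the
# same format as the post, not the full result set).
SAMPLE_AVG = r'''
"C:\Windows\System32\taskeng.exe (2272):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Windows\System32\taskeng.exe (2272)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Windows\explorer.exe (2348):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Windows\explorer.exe (2348)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\AVG\AVG9\avgscanx.exe (6080):\memory_00010000";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
"C:\Program Files\AVG\AVG9\avgscanx.exe (6080)";"Trojan horse Agent_r.OT";"Reboot is required to finish the action"
'''

# "<image path> (<pid>)" optionally followed by ":\memory_<hex offset>" for in-memory hits.
OBJECT_RE = re.compile(r"^(?P<path>.+?) \((?P<pid>\d+)\)(?::\\memory_(?P<region>[0-9a-fA-F]+))?$")

# Path fragments of security tools on the machine (assumed list for this example).
SECURITY_TOOLS = ("\\avg\\", "\\comodo\\", "spyware detector")

def summarize(text):
    """Group AVG rows by detection name: pid -> image path, memory regions, plain file hits."""
    by_det = defaultdict(lambda: {"processes": {}, "regions": set(), "files": set()})
    for row in csv.reader(text.strip().splitlines(), delimiter=";", quotechar='"'):
        if len(row) < 2:
            continue
        obj, detection = row[0], row[1]
        m = OBJECT_RE.match(obj)
        if m is None:                      # no "(pid)": an on-disk file detection
            by_det[detection]["files"].add(obj)
            continue
        by_det[detection]["processes"][int(m["pid"])] = m["path"]
        if m["region"]:
            by_det[detection]["regions"].add(int(m["region"], 16))
    return by_det

def classify(summary):
    """Per detection: distinct processes/images/regions hit, security tools among them, and
    whether the pattern (one region, several unrelated processes, no on-disk file named) is
    consistent with code injected into every running process rather than infected files."""
    report = {}
    for detection, info in summary.items():
        images = {p.lower() for p in info["processes"].values()}
        report[detection] = {
            "processes": len(info["processes"]),
            "distinct_images": len(images),
            "regions": sorted(info["regions"]),
            "files": sorted(info["files"]),
            "security_tools_hit": sorted(i for i in images if any(t in i for t in SECURITY_TOOLS)),
            "process_wide_injection": (
                len(info["processes"]) >= 3 and len(info["regions"]) == 1 and not info["files"]
            ),
        }
    return report

if __name__ == "__main__":
    for detection, r in classify(summarize(SAMPLE_AVG)).items():
        print(detection)
        print(f"  processes hit: {r['processes']} ({r['distinct_images']} distinct images)")
        print("  memory regions: " + ", ".join(f"0x{x:x}" for x in r["regions"]))
        print(f"  security tools hit: {r['security_tools_hit']}")
        print(f"  consistent with process-wide injection: {r['process_wide_injection']}")
```

On the constructed rows the report shows three processes, one region (0x10000) and no on-disk file, with avgscanx.exe among the hosts. Fed the full export from the post it would show the same shape across every listed process, which is the cue to look for the loader (in this thread, the %TEMP%-resident services in the DDS log) rather than to keep rescanning process memory.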
#4 Blade81
  • Bleepin' Rocker
  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 10 November 2009 - 05:05 PM

Hello again,

Let's create another log.

Download GMER here by clicking the download exe button and then saving it to your desktop:
  • Double-click the .exe that you downloaded.
  • Click the Rootkit tab and then Scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is finished, click Copy. This copies the log to the clipboard.
  • Post the log in your reply.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#5 jonnychapman
  • Topic Starter
  • Members
  • 4 posts

Posted 13 November 2009 - 08:46 AM

Hi,

I've had an absolute nightmare with the GMER programme. Twice it stalled halfway through scanning and I got the message "has encountered a problem and has stopped working". I then tried re-installing the programme; using Firefox, I accidentally clicked 'run' on the file I'd downloaded in Firefox downloads. This caused the computer to crash, taking me to the blue screen 'windows has been shut down to prevent damage to your computer'. I followed the instructions from there; the computer couldn't fix itself and simply kept returning to the blue screen.

I've now got the computer partly working by using a restore point. However, Firefox and AVG won't work. I've tried uninstalling them. AVG won't uninstall. I've tried to re-install them without success. When I've downloaded the files from the net and then used 'run', nothing happens and I can't find the saved file. I've even tried saving to my desktop. I've also tried Microsoft's AV, but that failed in the same way.

Sorry this has turned into such a drama. Advice and suggestions please?

Regards

Jonny

#6 Blade81 (Malware Response Team)

Posted 13 November 2009 - 10:08 AM

Hi,

See if you're able to run GMER by deselecting Devices and Sections from the options before running the scan.



#7 jonnychapman (Topic Starter)

Posted 13 November 2009 - 10:30 AM

Sorry, I've just tried to download and save GMER to the desktop a couple of times but it doesn't work, I'm afraid. It does however show the file downloading. Same as with AVG and Firefox.

Regards
Jonny

#8 Blade81 (Malware Response Team)

Posted 13 November 2009 - 10:36 AM

I have a strong feeling AVG is causing your files to get lost after downloading. I've seen similar things happen with Vista+AVG combination. Are you able to disable AVG?



#9 Blade81 (Malware Response Team)

Posted 19 November 2009 - 02:07 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.

