vlvtdflx and herss PROBLEM


  • This topic is locked
5 replies to this topic

#1 SteelDigitaL

SteelDigitaL

  • Members
  • 8 posts

Posted 31 January 2010 - 04:18 AM

hi there..
i have a problem..
my Avira and SUPERAnti-Spyware detects these files:

vlvtdflx.exe
herss.exe

my friend said that these files are dangerous..
can anyone help me with this..

just want to ask if this problem can be solved?

DDS.TXT:

DDS (Ver_09-12-01.01) - NTFSx86
Run by garcia at 17:55:23.68 on Sun 01/31/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.609 [GMT -8:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\USB Video Camera\Monitor.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\garcia\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\garcia\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [cdoosoft] c:\docume~1\garcia\locals~1\temp\herss.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\garcia\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\garcia\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\usb video camera\Monitor.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\garcia\applic~1\mozilla\firefox\profiles\6rjkc11w.default\
FF - plugin: c:\documents and settings\garcia\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\garcia\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\garcia\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-31 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-31 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-31 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-31 56816]
R3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\drivers\Ca2001v.sys [2008-2-19 2333568]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]

=============== Created Last 30 ================

2010-02-01 00:56:13 94208 --sh--r- C:\1hqup.exe
2010-02-01 00:46:16 115712 --sh--r- C:\9xf8.exe
2010-01-31 05:33:58 0 d-----w- c:\program files\Audacity
2010-01-29 02:58:32 0 d-----w- c:\docume~1\garcia\applic~1\Facebook
2010-01-28 20:22:37 0 d-----w- C:\FRAG VIDS
2010-01-28 08:01:08 0 d-----w- C:\Fraps
2010-01-28 07:06:44 262162 ----a-w- C:\tyong.tga
2010-01-28 01:51:22 0 d-----w- c:\docume~1\garcia\applic~1\Xilisoft Corporation
2010-01-28 01:49:49 0 d-----w- c:\program files\Xilisoft
2010-01-27 23:44:06 0 d-----w- c:\program files\VSTplugins
2010-01-27 23:40:20 0 d-----w- c:\program files\Sony
2010-01-26 02:15:05 0 d-----w- c:\windows\system32\XPSViewer
2010-01-26 02:14:23 14048 ------w- c:\windows\system32\spmsg2.dll
2010-01-26 02:08:43 0 d-----w- c:\program files\Sony Setup
2010-01-18 20:27:43 57 --sh--r- C:\autorun.inf
2010-01-11 05:32:50 0 d-----w- c:\docume~1\garcia\applic~1\TeamViewer
2010-01-11 05:32:47 0 d-----w- c:\program files\TeamViewer
2010-01-11 05:32:18 0 d-----w- c:\documents and settings\garcia\temp
2010-01-09 19:22:44 7680 --sha-w- c:\windows\Thumbs.db
2010-01-09 02:15:43 3014 ----a-w- c:\windows\DEXT2001.ini
2010-01-09 02:15:37 0 d-----w- c:\program files\USB Video Camera
2010-01-06 08:09:51 0 d-----w- c:\docume~1\garcia\applic~1\OpenOffice.org
2010-01-06 08:07:58 0 d-----w- c:\program files\JRE
2010-01-06 08:07:54 0 d-----w- c:\program files\OpenOffice.org 3
2010-01-05 00:05:02 0 d-----w- c:\program files\common files\Macrovision Shared
2010-01-04 22:33:47 0 d-----w- c:\program files\City Interactive
2010-01-03 00:18:19 0 d-----w- c:\program files\iPod
2010-01-03 00:18:17 0 d-----w- c:\program files\iTunes
2010-01-03 00:18:17 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-03 00:17:40 0 d-----w- c:\program files\Bonjour
2010-01-02 23:04:29 0 d-----w- c:\docume~1\garcia\applic~1\LimeWire
2010-01-02 23:03:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-02 23:03:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-02 23:00:27 0 d-----w- c:\program files\LimeWire
2010-01-02 08:41:47 0 d-----w- c:\program files\Unreal3.2

==================== Find3M ====================

2010-01-01 17:51:53 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-31 00:22:33 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2006-06-25 22:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe

============= FINISH: 17:55:43.53 ===============

ATTACH.TXT:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 12/30/2009 4:26:45 PM
System Uptime: 1/31/2010 5:37:06 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5KPL-AM SE
Processor: Intel® Pentium® Dual CPU E2200 @ 2.20GHz | Socket 775 | 2200/200mhz
Processor: Intel® Pentium® Dual CPU E2200 @ 2.20GHz | Socket 775 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 78 GiB total, 5.081 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 24.355 GiB free.
E: is FIXED (NTFS) - 71 GiB total, 48.935 GiB free.
F: is FIXED (NTFS) - 37 GiB total, 30.907 GiB free.
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 12/30/2009 4:32:28 PM - System Checkpoint
RP2: 12/30/2009 4:37:12 PM - Installed Realtek High Definition Audio Driver
RP3: 12/30/2009 4:37:27 PM - Installed Windows XP KB888111WXPSP2.
RP4: 12/30/2009 4:38:46 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
RP5: 12/30/2009 4:45:48 PM - Installed DirectX
RP6: 12/30/2009 9:23:29 PM - Premium Security Suite - 12/30/2009 21:20
RP7: 12/30/2009 9:33:08 PM - Installed iTunes
RP8: 12/31/2009 9:24:10 AM - Avira AntiVir Personal - 12/31/2009 9:24
RP9: 12/31/2009 10:35:58 AM - Installed SUPERAntiSpyware Professional
RP10: 1/1/2010 2:14:43 PM - System Checkpoint
RP11: 1/2/2010 4:16:02 PM - Removed Apple Mobile Device Support
RP12: 1/2/2010 4:17:58 PM - Installed iTunes
RP13: 1/4/2010 2:42:46 PM - Installed DirectX
RP14: 1/4/2010 2:43:23 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP15: 1/4/2010 3:58:18 PM - Installed Windows Installer KB893803v2.
RP16: 1/6/2010 12:07:27 AM - Installed Java™ 6 Update 13
RP17: 1/6/2010 12:07:50 AM - Installed OpenOffice.org 3.1
RP18: 1/8/2010 11:42:05 AM - System Checkpoint
RP19: 1/8/2010 6:15:29 PM - Installed USB Video Camera
RP20: 1/9/2010 6:24:28 PM - System Checkpoint
RP21: 1/11/2010 7:42:35 AM - System Checkpoint
RP22: 1/12/2010 9:17:43 PM - System Checkpoint
RP23: 1/14/2010 9:19:34 AM - System Checkpoint
RP24: 1/15/2010 9:56:07 AM - System Checkpoint
RP25: 1/16/2010 9:42:33 PM - System Checkpoint
RP26: 1/19/2010 2:27:35 PM - System Checkpoint
RP27: 1/23/2010 6:15:29 PM - System Checkpoint
RP28: 1/24/2010 6:45:59 PM - System Checkpoint
RP29: 1/25/2010 6:12:23 PM - Installed Windows XP WIC.
RP30: 1/25/2010 6:14:23 PM - Installed %1 %2.
RP31: 1/25/2010 6:14:28 PM - Printer Driver Microsoft XPS Document Writer Installed
RP32: 1/26/2010 6:33:19 PM - System Checkpoint
RP33: 1/27/2010 3:40:12 PM - Installed Sony Vegas Pro 8.0
RP34: 1/28/2010 4:19:01 PM - System Checkpoint
RP35: 1/30/2010 2:25:47 PM - System Checkpoint
RP36: 1/31/2010 3:41:16 PM - System Checkpoint

==== Installed Programs ======================

Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
Bonjour
CCleaner (remove only)
Counter-Strike Condition Zero
Facebook Plug-In
FileZilla Client 3.2.6.1
Fraps (remove only)
Google Chrome
Half-Life
High Definition Audio Driver Package - KB888111
iTunes
Java™ 6 Update 13
Java™ 6 Update 16
LimeWire PRO 5.4.6
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIRC
Mozilla Firefox (3.5.7)
MSXML 6.0 Parser (KB925673)
NVIDIA Drivers
NVIDIA PhysX v8.10.13
OpenOffice.org 3.1
PDF Settings
Peace and Protection
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
SAS Secure Tomorrow (1.0)
ServerScout
Sierra Utilities
Sony Vegas Pro 8.0
SUPERAntiSpyware Professional
TeamViewer 4
UnrealIRCd3.2.8-rc1
USB Video Camera
VLC media player 0.9.8a
Vtune 7.1
WebFldrs XP
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Presentation Foundation
Windows Workflow Foundation
WinRAR archiver
Xilisoft Video Converter Ultimate
XML Paper Specification Shared Components Pack 1.0
Yahoo! BrowserPlus
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== End Of File ===========================

i can't play online games because my game lags..
i think it's because of these viruses.

help..

merged 3 posts. ~ OB

Edited by Orange Blossom, 31 January 2010 - 10:03 AM.




#2 SteelDigitaL

SteelDigitaL
  • Topic Starter

  • Members
  • 8 posts

Posted 04 February 2010 - 04:32 PM



DDS (Ver_09-12-01.01) - NTFSx86
Run by garcia at 5:29:08.70 on Fri 02/05/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.514 [GMT -8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\USB Video Camera\Monitor.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\garcia\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\garcia\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [cdoosoft] c:\docume~1\garcia\locals~1\temp\herss.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\garcia\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\garcia\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\usb video camera\Monitor.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\garcia\applic~1\mozilla\firefox\profiles\6rjkc11w.default\
FF - plugin: c:\documents and settings\garcia\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\garcia\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\garcia\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-31 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-31 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-31 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-31 56816]
R3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\drivers\Ca2001v.sys [2008-2-19 2333568]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]

=============== Created Last 30 ================

2010-02-05 07:05:15 113152 --sh--r- C:\ws.exe
2010-02-04 16:31:20 94208 --sh--r- C:\bveijo.exe
2010-02-04 15:53:58 0 d-sh--w- C:\found.000
2010-02-02 15:17:24 94208 --sh--r- C:\9d6tpg.exe
2010-02-01 00:56:13 94208 --sh--r- C:\1hqup.exe
2010-02-01 00:46:16 115712 --sh--r- C:\9xf8.exe
2010-01-31 05:33:58 0 d-----w- c:\program files\Audacity
2010-01-29 02:58:32 0 d-----w- c:\docume~1\garcia\applic~1\Facebook
2010-01-28 20:22:37 0 d-----w- C:\FRAG VIDS
2010-01-28 08:01:08 0 d-----w- C:\Fraps
2010-01-28 07:06:44 262162 ----a-w- C:\tyong.tga
2010-01-28 01:51:22 0 d-----w- c:\docume~1\garcia\applic~1\Xilisoft Corporation
2010-01-28 01:49:49 0 d-----w- c:\program files\Xilisoft
2010-01-27 23:44:06 0 d-----w- c:\program files\VSTplugins
2010-01-27 23:40:20 0 d-----w- c:\program files\Sony
2010-01-26 02:15:05 0 d-----w- c:\windows\system32\XPSViewer
2010-01-26 02:14:23 14048 ------w- c:\windows\system32\spmsg2.dll
2010-01-26 02:08:43 0 d-----w- c:\program files\Sony Setup
2010-01-18 20:27:43 51 --sh--r- C:\autorun.inf
2010-01-11 05:32:50 0 d-----w- c:\docume~1\garcia\applic~1\TeamViewer
2010-01-11 05:32:47 0 d-----w- c:\program files\TeamViewer
2010-01-11 05:32:18 0 d-----w- c:\documents and settings\garcia\temp
2010-01-09 19:22:44 7680 --sha-w- c:\windows\Thumbs.db
2010-01-09 02:15:43 3014 ----a-w- c:\windows\DEXT2001.ini
2010-01-09 02:15:37 0 d-----w- c:\program files\USB Video Camera

==================== Find3M ====================

2010-01-02 23:03:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-01 17:51:53 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-31 00:22:33 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2006-06-25 22:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe

============= FINISH: 5:29:26.28 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 12/30/2009 4:26:45 PM
System Uptime: 2/5/2010 5:02:38 AM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5KPL-AM SE
Processor: Intel® Pentium® Dual CPU E2200 @ 2.20GHz | Socket 775 | 2199/200mhz
Processor: Intel® Pentium® Dual CPU E2200 @ 2.20GHz | Socket 775 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 78 GiB total, 4.887 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 24.354 GiB free.
E: is FIXED (NTFS) - 71 GiB total, 48.957 GiB free.
F: is FIXED (NTFS) - 37 GiB total, 30.906 GiB free.
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 12/30/2009 4:32:28 PM - System Checkpoint
RP2: 12/30/2009 4:37:12 PM - Installed Realtek High Definition Audio Driver
RP3: 12/30/2009 4:37:27 PM - Installed Windows XP KB888111WXPSP2.
RP4: 12/30/2009 4:38:46 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
RP5: 12/30/2009 4:45:48 PM - Installed DirectX
RP6: 12/30/2009 9:23:29 PM - Premium Security Suite - 12/30/2009 21:20
RP7: 12/30/2009 9:33:08 PM - Installed iTunes
RP8: 12/31/2009 9:24:10 AM - Avira AntiVir Personal - 12/31/2009 9:24
RP9: 12/31/2009 10:35:58 AM - Installed SUPERAntiSpyware Professional
RP10: 1/1/2010 2:14:43 PM - System Checkpoint
RP11: 1/2/2010 4:16:02 PM - Removed Apple Mobile Device Support
RP12: 1/2/2010 4:17:58 PM - Installed iTunes
RP13: 1/4/2010 2:42:46 PM - Installed DirectX
RP14: 1/4/2010 2:43:23 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP15: 1/4/2010 3:58:18 PM - Installed Windows Installer KB893803v2.
RP16: 1/6/2010 12:07:27 AM - Installed Java™ 6 Update 13
RP17: 1/6/2010 12:07:50 AM - Installed OpenOffice.org 3.1
RP18: 1/8/2010 11:42:05 AM - System Checkpoint
RP19: 1/8/2010 6:15:29 PM - Installed USB Video Camera
RP20: 1/9/2010 6:24:28 PM - System Checkpoint
RP21: 1/11/2010 7:42:35 AM - System Checkpoint
RP22: 1/12/2010 9:17:43 PM - System Checkpoint
RP23: 1/14/2010 9:19:34 AM - System Checkpoint
RP24: 1/15/2010 9:56:07 AM - System Checkpoint
RP25: 1/16/2010 9:42:33 PM - System Checkpoint
RP26: 1/19/2010 2:27:35 PM - System Checkpoint
RP27: 1/23/2010 6:15:29 PM - System Checkpoint
RP28: 1/24/2010 6:45:59 PM - System Checkpoint
RP29: 1/25/2010 6:12:23 PM - Installed Windows XP WIC.
RP30: 1/25/2010 6:14:23 PM - Installed %1 %2.
RP31: 1/25/2010 6:14:28 PM - Printer Driver Microsoft XPS Document Writer Installed
RP32: 1/26/2010 6:33:19 PM - System Checkpoint
RP33: 1/27/2010 3:40:12 PM - Installed Sony Vegas Pro 8.0
RP34: 1/28/2010 4:19:01 PM - System Checkpoint
RP35: 1/30/2010 2:25:47 PM - System Checkpoint
RP36: 1/31/2010 3:41:16 PM - System Checkpoint
RP37: 2/1/2010 11:00:39 PM - System Checkpoint
RP38: 2/3/2010 8:53:01 AM - System Checkpoint
RP39: 2/4/2010 9:51:42 PM - System Checkpoint

==== Installed Programs ======================

Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
Bonjour
CCleaner (remove only)
Counter-Strike Condition Zero
Facebook Plug-In
FileZilla Client 3.2.6.1
Fraps (remove only)
Google Chrome
Half-Life
High Definition Audio Driver Package - KB888111
iTunes
Java™ 6 Update 13
Java™ 6 Update 16
LimeWire PRO 5.4.6
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIRC
Mozilla Firefox (3.5.7)
MSXML 6.0 Parser (KB925673)
NVIDIA Drivers
NVIDIA PhysX v8.10.13
OpenOffice.org 3.1
PDF Settings
Peace and Protection
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
SAS Secure Tomorrow (1.0)
ServerScout
Sierra Utilities
Sony Vegas Pro 8.0
SUPERAntiSpyware Professional
TeamViewer 4
UnrealIRCd3.2.8-rc1
USB Video Camera
VLC media player 0.9.8a
Vtune 7.1
WebFldrs XP
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Presentation Foundation
Windows Workflow Foundation
WinRAR archiver
Xilisoft Video Converter Ultimate
XML Paper Specification Shared Components Pack 1.0
Yahoo! BrowserPlus
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

2/4/2010 6:41:55 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -57635 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.204.69.150:123->207.46.197.32:123) is working properly.
2/3/2010 6:16:22 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
2/3/2010 6:07:03 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
2/3/2010 6:07:02 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.

==== End Of File ===========================


-----------------------------------------------------------------------

I am also affected by vlvtdflx.exe and herss.exe
here's the link: Merged topics. ~ OB

please help me.. i don't want to waste my money paying others to reformat my computer.

Edited by Orange Blossom, 04 February 2010 - 05:53 PM.


#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 07 February 2010 - 11:20 AM

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Files
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log

Thanks



#4 SteelDigitaL

SteelDigitaL
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE

Posted 08 February 2010 - 08:01 PM

hi there..
i think my desktop crashed already..
because every time i restart my computer.. it looks like a new reformat..
here's the screenshot..



i appreciate your response syler..
but i have needed help since the last 2 weeks..
now i don't know what to do now..

i did your instructions but my computer restarts and then when my desktop loaded.. it looks like a new reformat..

#5 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 09 February 2010 - 10:58 AM

Hi,

I don't understand what you are saying and I can't see your screenshot because it's taking forever to load. I can't help you unless you post the logs and explain what you mean clearly.



#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 13 February 2010 - 07:27 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
