KillAV & Sysguard & Muliple Others

3 replies to this topic

#1 lovemybullyboys

  • Members
  • 2 posts
  • Local time:08:57 AM

Posted 12 June 2010 - 04:11 PM

It's rather simple (well, not really)... Lately, I've noticed my computer going slower and slower, and Google has started to redirect. I ran two different anti-virus programs. One picked up 23 infections, the other picked up 19. Sadly, only about 6 items matched on each one.

KillAV and Fraud.Sysguard were two of the main ones. However, my active processes also show "searchindexer.exe" running at 196k. Per the request of the site, I'm including the files and asking for help. It'd be much appreciated, since I, obviously, am not very IT-smart.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Catherine at 13:29:51.50 on Sat 06/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.707 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\32788R22FWJFW\cmd.cfxxe
C:\Documents and Settings\Catherine\Desktop\dds.scr
C:\32788R22FWJFW\NirCmd.cfxxe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lab-retriever.net/board/
uInternet Settings,ProxyServer = http=127.0.0.1:3029
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
dRunOnce: [RunNarrator] Narrator.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241574770109
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {1B4BDC7B-CFEF-47A2-B9F4-A990F8703F59} = 8.8.8.8,8.8.4.4
Filter: text/html - {f1945930-83ec-4e98-b3e1-b8d52a40a55f} -
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-6-12 59664]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-11 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-11 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-11 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-11 308064]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-5 54752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-6 24652]
S0 hecoytal;hecoytal;c:\windows\system32\drivers\dfjagwa.sys --> c:\windows\system32\drivers\dfjagwa.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-6-11 430152]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-5-24 12672]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2010-06-12 19:29:58 0 d-s---w- C:\ComboFix
2010-06-12 17:28:46 0 d-----w- c:\docume~1\cather~1\applic~1\SUPERAntiSpyware.com
2010-06-12 17:28:46 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-12 17:28:09 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-12 17:27:11 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-06-12 17:27:11 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-06-12 17:27:11 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2010-06-12 17:27:10 0 d-----w- c:\program files\ThreatFire
2010-06-12 17:27:10 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-06-12 03:56:33 0 d-----w- c:\windows\ServicePackFiles
2010-06-12 03:55:07 19569 ----a-w- c:\windows\000001_.tmp
2010-06-12 03:54:52 0 d-----w- c:\windows\EHome
2010-06-12 02:39:36 0 d-----w- c:\program files\Nsasoft
2010-06-12 00:45:55 0 d-----w- c:\windows\system32\Service
2010-06-11 22:54:51 0 d--h--w- C:\$AVG
2010-06-11 22:53:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-11 22:53:42 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-11 22:53:34 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-11 22:53:21 0 d-----w- c:\windows\system32\drivers\Avg
2010-06-11 22:53:17 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-06-11 22:49:36 0 d-----w- c:\program files\AVG
2010-06-11 22:49:17 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-06-11 22:10:50 0 d-----w- c:\docume~1\cather~1\applic~1\Malwarebytes
2010-06-11 20:51:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 20:51:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 20:51:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 20:51:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-11 13:28:05 0 d-----w- c:\docume~1\alluse~1\applic~1\LightScribe
2010-06-09 03:20:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 18:19:20 0 d-----w- c:\docume~1\cather~1\applic~1\Softland
2010-06-08 18:19:10 7549 ----a-w- c:\windows\system32\dopdf7.ctm
2010-06-08 18:19:10 22856 ----a-w- c:\windows\system32\dopdfmn7.dll
2010-06-08 18:19:10 19784 ----a-w- c:\windows\system32\dopdfmi7.dll
2010-06-08 18:19:08 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-06-05 18:39:25 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-05 18:39:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-03 23:15:34 0 d-----w- c:\program files\Shared

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 13:32:39.57 ===============

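The DDS log above is what the responders actually read: before any tool is run, the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections are scanned for a few well-known patterns, and this log contains three of them. The current-user proxy `uInternet Settings,ProxyServer = http=127.0.0.1:3029` routes the browser through a process on the machine itself, which is consistent with the search redirects the poster describes; two `BHO`/`TB` registrations point at `No File`; and the boot-start driver `hecoytal` registers `dfjagwa.sys`, which DDS marks as absent on disk (`--> ... [?]`). The script below is an added example written for this page, not part of the thread, DDS, or any BleepingComputer tool; it encodes those three checks as a small triage helper and runs them over lines copied from the log. The regexes, function names and severity labels are my own choices, and the sample input is constructed from the posted lines plus two benign entries so the checks have something to leave alone.

```python
import re
from typing import Dict, Iterator, List, Tuple

# Constructed sample input: lines copied from the DDS "Pseudo HJT Report" and
# "SERVICES / DRIVERS" sections posted above, with two benign entries kept
# (the AVG tray Run key and the TfSysMon driver) so the checks have negatives.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.lab-retriever.net/board/
uInternet Settings,ProxyServer = http=127.0.0.1:3029
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-6-12 59664]
S0 hecoytal;hecoytal;c:\windows\system32\drivers\dfjagwa.sys --> c:\windows\system32\drivers\dfjagwa.sys [?]
""".strip()

# DDS hive prefixes: u = current user, m = local machine, d = default user.
PROXY_RE = re.compile(r"^(?P<hive>[umd])Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$")
# Any registration (BHO, TB, Run, ...) whose target DDS reports as "No File".
NOFILE_RE = re.compile(r"^(?P<kind>[A-Za-z]+):\s*(?P<entry>.+?)\s+-\s+No File$")
# Service lines: R/S (running/stopped) + Windows start-type digit, then
# name;display;path followed by "[date size]" or "[?]" when the file is missing.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)
LOOPBACK_RE = re.compile(r"^(127(\.\d{1,3}){3}|localhost)$", re.IGNORECASE)

Finding = Dict[str, str]


def parse_proxy_value(value: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (scheme, host, port) for each entry of an IE ProxyServer value.

    IE stores either "host:port" (all protocols) or "scheme=host:port;..." pairs.
    """
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        scheme, _, hostport = item.rpartition("=")
        host, _, port = hostport.partition(":")
        yield (scheme or "all", host, port)


def check_proxy(line: str) -> List[Finding]:
    """Flag a ProxyServer entry that sends browser traffic to the loopback address."""
    m = PROXY_RE.match(line)
    if not m:
        return []
    out: List[Finding] = []
    for scheme, host, port in parse_proxy_value(m.group("value")):
        if LOOPBACK_RE.match(host):
            out.append({
                "severity": "high",
                "kind": "loopback-proxy",
                "detail": f"{scheme} traffic for hive '{m.group('hive')}' goes to {host}:{port}; "
                          "a local process sits in the browser's path (identify what listens there)",
            })
    return out


def check_orphan(line: str) -> List[Finding]:
    """Flag a registration whose target file is gone (common cleanup leftover)."""
    m = NOFILE_RE.match(line)
    if not m:
        return []
    return [{
        "severity": "low",
        "kind": "orphaned-entry",
        "detail": f"{m.group('kind')} {m.group('entry')} points to a file that no longer exists",
    }]


def check_service(line: str) -> List[Finding]:
    """Flag a service/driver whose binary DDS could not find on disk."""
    m = SERVICE_RE.match(line)
    if not m:
        return []
    missing = m.group("meta").strip() == "?" or "-->" in m.group("path")
    if not missing:
        return []
    boot_level = m.group("start") in ("0", "1")  # boot/system start: loads before user mode
    return [{
        "severity": "high" if boot_level else "medium",
        "kind": "missing-service-binary",
        "detail": f"service '{m.group('name')}' (start type {m.group('start')}) registers "
                  f"{m.group('path').split(' --> ')[0]} but the file is absent",
    }]


def triage(log_text: str) -> List[Finding]:
    """Run every check over every line and return findings in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        for check in (check_proxy, check_orphan, check_service):
            findings.extend(check(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['kind']}: {f['detail']}")
```

Run it as a script to print the four findings from the sample, or call `triage()` on the text of a full DDS log. The loopback-proxy check is deliberately limited to the ProxyServer value itself: it tells you that something on the machine is intercepting browser traffic, not what, so the next step is to find the process bound to that port and let the response team decide on removal.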

#2 shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost
  • Local time:07:57 AM

Posted 16 June 2010 - 08:09 PM

Hi.

Your log is a few days old. If you still need help simply reply to my post.

How Can I Reduce My Risk to Malware?


#3 lovemybullyboys

  • Topic Starter
  • Members
  • 2 posts
  • Local time:08:57 AM

Posted 20 June 2010 - 10:34 PM

Yep. Still need help.

#4 shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost
  • Local time:07:57 AM

Posted 21 June 2010 - 04:52 PM

OK. We will get a download to use. It's called Combofix. There is a guide to read first. Read through the guide, then apply the directions on your own computer. Post the log in your reply:

Guide to using Combofix

How Can I Reduce My Risk to Malware?
