Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible virus?


  • Please log in to reply
1 reply to this topic

#1 Tats

Tats

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 04 August 2010 - 01:35 PM

Hi Guys! Just wondering if id be able to have my files looked at to make sure no virus, Trojan etc is present. My PC has never been looked at, so its a piece of mind for me to make sure all is clear. cool.gif


DDS (Ver_10-03-17.01) - NTFSX64
Run by Micks at 3:21:53.53 on Thu 05/08/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3067.1635 [GMT 9.5:30]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Micks\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\Users\Micks\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Micks\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Users\Micks\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Micks\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Micks\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Micks\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Micks\Desktop\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.atcomet.com/b/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files (x86)\bitcomet\tools\BitCometBHO_1.4.6.22.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java™ Plug-In 2 SSV Helper
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files (x86)\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files (x86)\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files (x86)\bitcomet\BitComet.exe/AddAllLink.htm
IE: Add to Video Converter... - c:\program files (x86)\mp3 player utilities 5.11\aviconverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office11\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files (x86)\bitcomet\tools\BitCometBHO_1.4.6.22.dll/206
IE: {2225A222-A789-11CE-86F8-0020AFD8C6DB} - {3335A333-A789-11CE-86F8-0020AFD8C6DB} - c:\progra~2\passwo~1\pwscr.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {DB6655FF-5357-4E63-970D-0E70B1B189E1} = 10.188.66.103 10.176.66.71
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
mRun-x64: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AppInit_DLLs-X64: avgrssta.dll

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrw7a;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwa.sys [2010-3-28 27216]
R0 AvgRkx64;avgrkx64.sys;c:\windows\system32\drivers\avgrkx64.sys [2010-3-28 56008]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6a.sys [2010-3-28 29976]
R1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-3-28 269904]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-3-28 35536]
R1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-3-28 317520]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
R2 avg9emc;AVG E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-6-22 921952]
R2 avg9wd;AVG WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
R2 avgfws9;AVG Firewall;c:\program files (x86)\avg\avg9\avgfws9.exe [2010-6-22 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
R2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-5-1 304464]
R3 AVGIDSDriverw7a;AVG9IDSDriver;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_win764\AVGIDSDriver.sys [2010-3-28 132688]
R3 AVGIDSFilterw7a;AVG9IDSFilter;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_win764\AVGIDSFilter.sys [2010-3-28 35920]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 54824]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-8-3 114304]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-28 24664]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\drivers\NETw5s64.sys [2009-9-15 6952960]
R3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\drivers\nuvotoncir.sys [2009-8-31 48128]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-6-28 84512]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-6-28 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-14 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-4-4 61280]
S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-11 5434368]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-28 1255736]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 46592]

=============== Created Last 30 ================

2010-08-04 17:45:39 0 ----a-w- c:\users\micks\defogger_reenable
2010-08-04 15:12:48 0 d-----w- c:\windows\pss
2010-08-04 04:13:06 0 d-----w- c:\program files (x86)\MP3 Player Utilities 5.11
2010-08-04 04:11:28 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-08-03 15:39:05 0 d-----w- c:\programdata\DVD Shrink
2010-08-03 11:34:38 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-03 07:56:36 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-08-03 07:56:36 246224 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-08-03 07:56:36 117504 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-08-03 07:56:36 114304 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2010-08-03 07:56:20 0 d-----w- c:\program files (x86)\3 Mobile Broadband
2010-08-03 07:40:00 0 d-----w- c:\program files (x86)\DVD Decrypter
2010-07-19 09:06:17 0 d-----w- c:\program files (x86)\Dodo Wireless Broadband
2010-07-19 06:10:35 0 d-----w- c:\programdata\boost_interprocess
2010-07-18 09:12:56 0 d-----w- c:\program files (x86)\Conduit
2010-07-15 13:56:24 0 d-----w- c:\windows\syswow64\Adobe
2010-07-15 11:55:00 876 ----a-w- C:\e-tax 2010_uninstall.lnk
2010-07-15 11:54:57 0 d-----w- C:\help
2010-07-14 20:09:22 0 d-----w- c:\windows\syswow64\log
2010-07-13 17:58:25 144384 ----a-w- c:\windows\system32\cdd.dll

==================== Find3M ====================

2010-08-03 07:39:33 99384 ----a-w- c:\users\micks\appdata\roaming\inst.exe
2010-08-03 07:39:33 82816 ----a-w- c:\users\micks\appdata\roaming\pcouffin.sys
2010-07-02 09:53:26 729600 ----a-w- C:\etaxHelp.exe
2010-07-02 09:53:20 43520 ----a-w- C:\VMem.dll
2010-07-02 09:52:42 12943872 ----a-w- C:\etax2010.exe
2010-07-02 02:34:36 196608 ----a-w- C:\ssleay32.dll
2010-07-02 02:34:36 1015808 ----a-w- C:\libeay32.dll
2010-07-02 01:54:16 348160 ----a-w- C:\msvcr71.dll
2010-06-27 23:23:47 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-06-27 23:01:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nuvotoncir_01009.Wdf
2010-06-22 00:08:13 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-06-22 00:08:11 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-06-22 00:08:03 27216 ----a-w- c:\windows\system32\drivers\AVGIDSwa.sys
2010-06-22 00:07:58 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-26 06:30:56 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-13 08:19:18 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-05-09 09:46:00 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:45:57 552960 ----a-w- c:\windows\system32\msdri.dll
2010-05-09 09:14:55 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-03-28 11:54:16 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-14 04:55:03 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 3:22:15.19 ===============

Im was unable to check boxes in GMER, except for: Services, Registry, Services and ADS. All other available boxes were greyed out....once scan was completed this is the message i received: 'GMER hasn't found any system modification'

Hopefully u will be able to solve this problem for me so i can provide u with everything required

Attached Files



BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:25 AM

Posted 13 August 2010 - 06:53 AM

Hello Tats

Welcome to BleepingComputer smile.gif

Gmer will not run correctly on a 64bit operating system.
That is why it didn't work correctly.
I don't see anything in your logs but since it has been a few days please do the following.
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users