Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

antivirus GT


  • This topic is locked This topic is locked
2 replies to this topic

#1 slp9700

slp9700

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 03 October 2010 - 01:50 AM

Hi,

Malwarebytes is showing Trojan.Agent and Rogue.AntivirusGT and I can't shake them. Getting redirects on internet and slow overall system. DDS logs below and attached. Can't get gmer to save -- tried twice, first time shut down program second time shut down program and forced a reboot.

Thanks for any help you can offer,

>>>>>>>>>>>

DDS (Ver_10-03-17.01) - NTFSx86
Run by Stacie at 23:49:03.94 on Sat 10/02/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.168 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Citrix\Secure Access Client\nsload.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Stacie.HOME1\Desktop\Defogger.exe
C:\Documents and Settings\Stacie.HOME1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [AVGT] c:\program files\avgt\antivirusGT.exe
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\citrix~1.lnk - c:\program files\citrix\secure access client\nsload.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
Trusted Zone: fastestdeploy.com
Trusted Zone: turbotax.com
Trusted Zone: fastestdeploy.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - hxxp://www2.snapfish.com/SnapfishOutlookImport.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://img.member.yahoo.com/dl/atty/yinst_current.cab
DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - hxxp://www.symantec.com/techsupp/activedata/nprdtinf.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} - ftp://ftp.ca.com/pub/Opal/plugins/x_plugin/opalplayerx5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254106791336
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254106755675
DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: NavLogon - c:\windows\system32\NavLogon.dll
mASetup: {86A5E74E-B72B-4fd3-939E-2841EC3711B9} - c:\program files\common files\citrix agp 9 config\AGClientConfig.exe

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 cag;Citrix cag plugin for Access Gateway;c:\program files\common files\deterministic networks\common files\cag.sys [2010-3-9 81024]
R2 nsverctl;Citrix Secure Access Client Service;c:\program files\citrix\secure access client\nsverctl.exe [2010-3-18 154776]
R3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\drivers\ctxva51.sys [2010-3-18 41624]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100725.003\naveng.sys [2010-7-25 85424]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100725.003\navex15.sys [2010-7-25 1362608]
R3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\system32\drivers\Ngrpci.sys [2005-6-10 32840]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys --> c:\windows\system32\drivers\net6im51.sys [?]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]
S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-12-10 176896]

=============== Created Last 30 ================

2010-10-02 20:56:14 0 ----a-w- c:\documents and settings\stacie.home1\defogger_reenable
2010-10-01 15:54:00 112 ----a-w- c:\docume~1\alluse~2.win\applic~1\6GTVKU0Il.dat
2010-10-01 00:52:11 0 d-----w- c:\docume~1\stacie~1.hom\applic~1\Specialbit
2010-09-28 00:11:27 0 d-----w- c:\docume~1\alluse~2.win\applic~1\Alawar Stargaze
2010-09-19 02:25:59 0 d-----w- c:\program files\Youda Survivor
2010-09-19 00:55:26 0 d-----w- c:\docume~1\stacie~1.hom\applic~1\Ghost Ship Studios
2010-09-18 00:58:54 0 d-----w- c:\docume~1\stacie~1.hom\applic~1\Big Splash Games
2010-09-18 00:58:54 0 d-----w- c:\docume~1\alluse~2.win\applic~1\Big Splash Games
2010-09-17 22:51:27 0 d-----w- c:\docume~1\alluse~2.win\applic~1\Fugazo
2010-09-06 21:25:37 0 d-----w- c:\docume~1\stacie~1.hom\applic~1\PeaceCraft2

==================== Find3M ====================

2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2004-10-01 20:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2004-02-25 03:08:55 271 --sh--w- c:\program files\desktop.ini
2004-02-25 03:08:55 21952 -c--a-w- c:\program files\folder.htt
2008-05-27 02:30:09 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052620080527\index.dat

============= FINISH: 23:52:31.26 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 slp9700

slp9700
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 06 October 2010 - 08:25 PM

Please disregard and close this question. Tdsskiller solved my rootkit issue! Thank you anyway,

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:26 PM

Posted 06 October 2010 - 08:26 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users