12-02-2008, 01:16 PM   #1
Wheezy


Possible Infection Affecting Internet

Unfortunately I am back. I do love this website and appreciate all of the help you give people, but I hate why I come here! I think I may have another infection. I know it's probably irritating to see the same people all the time, but I did everything and put everything in place (as far as anti-virus protection, AVG Free), but something must have slipped through. I apologize for crawling back here with the same problem, but I just don't know what else I could have done...

About two days ago, a weird PDF website that came up with a Google search (that I didn't even visit) tried to execute a pop-up, which froze my Internet. From then on, my Internet has been *super* slow, and I am unable to navigate to this forum, the GMER website or my anti-virus website (among others). I was able to download DDS, send it over to my desktop and run it, but GMER will not run. No matter how many times I try it, I open it and try to run it but nothing happens. But here are the logs from the DDS program.

---------------------DDS LOG---------------------


DDS (Version 1.0) - NTFSx86
Run by Shellie Waters at 13:52:41.67 on Tue 12/02/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.624 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
"C:\WINDOWS\system32\drivers\svchost.exe"
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Shellie Waters\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://minnesota.twins.mlb.com/index.jsp?c_id=min
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\downlo~1\spybot~1\SDHelper.dll
BHO: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe
uRun: [nah_Shell] c:\documents and settings\shellie waters\nah_ettf.exe
uRun: [HPseti] "c:\documents and settings\shellie waters\application data\google\runhh6110411.exe"
mRun: [QuickTime Task] "c:\program files\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_06\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
uPolicies-system: RunStartupScriptSync = 1 (0x1)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-20 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-20 26824]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-20 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-20 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-20 76040]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 tmevtmgr;tmevtmgr;\??\c:\windows\system32\drivers\tmevtmgr.sys [2007-10-15 52368]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-9-17 36112]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-9-17 333328]
S3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [2004-7-30 56576]
S4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~2\TmPfw.exe [2007-10-15 480520]
S4 tmproxy;Trend Micro Proxy Service;"c:\program files\trend micro\internet security\TmProxy.exe" [2007-10-15 648456]

=============== Created Last 30 ================

2008-12-01 01:04 161 a------- c:\documents and settings\shellie waters\nah_log.dat
2008-11-30 20:18 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-11-30 20:08 80,384 a------- c:\documents and settings\shellie waters\nah_ettf.exe
2008-11-30 20:07 42,496 a------- c:\windows\system32\drivers\svchost.exe
2008-11-24 18:07 <DIR> --d----- c:\program files\3ivx
2008-11-24 18:07 <DIR> --d----- c:\program files\muvee Technologies
2008-11-24 18:07 <DIR> --d----- c:\program files\common files\muvee Technologies
2008-11-24 18:06 26,496 a------- c:\windows\system32\dllcache\usbstor.sys
2008-11-20 16:12 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2008-11-20 16:12 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-11-20 16:12 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-11-20 16:12 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-11-20 16:12 <DIR> --d----- c:\program files\AVG
2008-11-20 16:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8

==================== Find3M ====================

2008-11-30 20:08 502,272 a------- c:\windows\system32\winlogon.exe
2008-11-30 20:08 295,424 a------- c:\windows\system32\termsrv.dll
2008-11-24 18:07 <DIR> --d----- c:\program files\QTComponents
2008-10-24 05:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-16 23:08 <DIR> --d----- c:\docume~1\shelli~1\applic~1\SPORE
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 10:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-07 21:52 <DIR> --d----- c:\program files\TheSimsResource
2008-10-07 17:20 <DIR> --d----- c:\program files\SimPE
2008-09-15 05:57 1,846,016 a------- c:\windows\system32\win32k.sys
2008-09-15 05:57 1,846,016 -------- c:\windows\system32\dllcache\win32k.sys
2008-09-07 11:16 7,086 ac------ c:\windows\system32\ealregsnapshot1.reg
2008-09-04 10:42 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-09-04 10:42 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2008-07-07 16:01 <DIR> --d----- c:\docume~1\shelli~1\applic~1\CoreFTP
2007-11-10 23:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kontiki
2007-10-18 14:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2007-10-16 01:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2007-10-15 18:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2006-10-18 11:54 <DIR> --d----- c:\docume~1\shelli~1\applic~1\.BitTornado
2006-09-16 21:23 <DIR> --d----- c:\docume~1\shelli~1\applic~1\X-Chat 2
2006-09-11 19:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Windows Live Toolbar
2006-07-06 00:18 <DIR> --d----- c:\docume~1\shelli~1\applic~1\New Folder
2006-05-22 22:13 <DIR> --d----- c:\docume~1\shelli~1\applic~1\FileMaker
2006-04-13 20:26 <DIR> --d----- c:\docume~1\shelli~1\applic~1\Corel Photo Album
2006-04-11 02:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2006-10-21 15:54 152 ---shr-- c:\windows\system32\11D43EA203.sys
2006-10-21 15:54 7,520 ac-sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 13:53:36.54 ===============