12-03-2008, 03:11 PM   #1
bimm3rcc
Registered User
 
Join Date: Oct 2008
Posts: 32
OS: Vista_x86_sp1


PC is Nuked: Blocked Updates and Pop-ups

I don't know if it's a virus, malware, badware, crapware, spyware or whatever.

What I do know is that something is suddenly blocking updates to:

AVG 8.0
Windows Defender
Windows Update

Other problems:

Keep getting pop-ups on Firefox

When I try to run a system scan with AVG, this pops up:

AVG WATCHDOG SERVICE has stopped working

and

Unspecific error has occurred
would you like to send bla bla to AVG bla bla.

Also, I seem to have problems with Java programs, because I cannot open my Hotmail emails, and for some reason I cannot run online scanners.
It tells me (!) Error or (!) Failed down in the left corner.

Also, I have a weird hidden folder in C:, D: and E:, hidden with the name Resycled, containing boot.com

Thank you so so so much

Gmer.txt
Attach.txt

DDS LOG


DDS (Version 1.0) - NTFSx86
Run by Stefano at 23:02:11,62 on 03-12-2008
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.45.1033.18.3070.1800 [GMT 0:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Users\Stefano\AppData\Local\Temp\winloggn.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\resycled\boot.com
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\conime.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Stefano\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {a1960e60-6cf1-4263-913d-1f5b51d79362} - c:\windows\system32\delehele.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [xsjfn83jkemfofght] c:\users\stefano\appdata\local\temp\winloggn.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [xsjfn83jkemfofght] c:\users\stefano\appdata\local\temp\winloggn.exe
mRun: [MSServer] rundll32.exe c:\windows\system32\yayxvSjK.dll,#1
mRun: [puyebalete] Rundll32.exe "c:\windows\system32\venaroyu.dll",s
mRun: [CPMc30db0d6] Rundll32.exe "c:\windows\system32\kofemube.dll",a
StartupFolder: c:\users\stefano\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
uPolicies-system: DisableTaskMgr = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
TCP: {30EDAEF3-DD40-4E4A-AFDB-F852C5931945} = 85.255.112.134;85.255.112.165
TCP: {BFB5A80A-F2E4-41A9-B5DD-E6FEF0657D24} = 85.255.112.134;85.255.112.165
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll c:\windows\system32\tipifipo.dll c:\windows\system32\kofemube.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kofemube.dll
STS: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kofemube.dll
SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\yayxvSjK.dll
LSA: Notification Packages = scecli c:\windows\system32\tipifipo.dll

============= SERVICES / DRIVERS ===============

R0 AtiPcie;ATI PCI Express (3GIO) Filter;c:\windows\system32\drivers\AtiPcie.sys [2008-4-28 14352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-30 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-2 90632]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-2 874776]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-30 231704]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;"c:\program files\fujitsu siemens computers\systemdiagnostics\onlinediagnostic\testmanager\TestHandler.exe" [2008-4-25 303104]
R2 WinFl32;WinFl32;\??\c:\windows\system32\WinFl32.sys [2008-10-14 20192]
R2 WinVd32;WinVd32;\??\c:\windows\system32\WinVd32.sys [2008-11-3 180064]
R3 atikmdag;atikmdag;c:\windows\system32\drivers\atikmdag.sys [2008-8-21 3928576]
R3 RTSTOR;USB Mass Storage Device;c:\windows\system32\drivers\RTSTOR.SYS [2008-10-20 49664]
S2 Windows Tribute Service;Windows Tribute Service;c:\windows\system32\kdxmt.exe -srv []
S4 ahcix86s;ahcix86s;c:\windows\system32\drivers\ahcix86s.sys [2008-7-25 170000]

=============== Created Last 30 ================

2008-12-03 22:50 250 a------- c:\windows\gmer.ini
2008-12-03 17:32 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2008-12-03 17:11 <DIR> --d----- c:\program files\Panda Security
2008-12-02 23:33 1,329,641 ---sh--- c:\windows\system32\izurased.ini
2008-12-01 17:55 <DIR> --d----- c:\users\stefano\.housecall6.6
2008-12-01 17:22 342,065 a--sh--- c:\windows\system32\ggMmlnnn.ini2
2008-12-01 17:22 342,065 a--sh--- c:\windows\system32\ggMmlnnn.ini
2008-12-01 17:17 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-12-01 17:17 <DIR> --d----- c:\users\stefano\appdata\roaming\gadcom
2008-12-01 17:17 10,000 a------- c:\windows\system32\jse783hfgfffe.dll
2008-12-01 17:17 65,536 a------- c:\windows\system32\awtuRkjK.dll
2008-12-01 17:16 <DIR> --d----- c:\windows\HDTVXviD Codec
2008-12-01 17:15 <DIR> --d----- c:\windows\Easy Decrypter
2008-11-22 20:47 <DIR> --dsh--- C:\Diskeeper
2008-11-22 15:04 <DIR> --d----- c:\programdata\Diskeeper Corporation
2008-11-22 15:04 <DIR> --d----- c:\progra~2\Diskeeper Corporation
2008-11-22 15:04 <DIR> --d----- c:\program files\Diskeeper Corporation
2008-11-17 20:04 2,306,113 a------- c:\windows\system32\GPhotos.scr
2008-11-17 16:58 <DIR> --d----- c:\users\stefano\appdata\roaming\PeerNetworking
2008-11-14 21:25 <DIR> --d----- c:\programdata\Real
2008-11-14 21:25 <DIR> --d----- c:\program files\Real Alternative
2008-11-13 15:57 <DIR> --d----- c:\windows\system32\xlive
2008-11-10 17:39 <DIR> --d----- c:\windows\San Andreas Mod Installer
2008-11-10 17:39 <DIR> --d----- c:\program files\San Andreas Mod Installer
2008-11-09 23:15 0 a------- c:\windows\system32\NeroCopyGadgetData-6387.xml
2008-11-09 02:40 <DIR> --d----- c:\users\stefano\Diskeeper Pro Premier 2008 V.12.0.781 x86 and x64
2008-11-07 15:02 <DIR> --d----- c:\users\stefano\appdata\roaming\Red Alert 3
2008-11-05 19:26 <DIR> --dshr-- C:\resycled
2008-11-05 19:26 103 ---shr-- C:\autorun.inf
2008-11-05 18:58 0 a------- C:\Cd
2008-11-05 18:58 0 a------- C:\attrib
2008-11-05 17:24 <DIR> --d----- c:\program files\Microsoft IntelliPoint
2008-11-05 17:13 <DIR> -cd-h--- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-11-05 17:13 <DIR> -cd-h--- c:\progra~2\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-11-03 23:54 180,064 a------- c:\windows\system32\WinVd32.sys
2008-11-03 23:50 <DIR> --d----- c:\program files\PROnetworks

==================== Find3M ====================

2008-12-03 16:15 85,558 a--sh--- c:\windows\system32\yuhodose.dll
2008-12-03 16:15 94,262 a--sh--- c:\windows\system32\kofemube.dll
2008-12-02 23:33 93,750 a--sh--- c:\windows\system32\gebegimi.dll
2008-12-02 23:33 86,582 a--sh--- c:\windows\system32\desaruzi.dll
2008-12-01 17:58 <DIR> --d----- c:\progra~2\avg8
2008-12-01 17:40 <DIR> --d----- c:\users\stefano\appdata\roaming\uTorrent
2008-11-14 14:40 <DIR> --d----- c:\users\stefano\appdata\roaming\FrostWire
2008-11-05 23:50 <DIR> --dsh--- c:\users\stefano\appdata\roaming\.#
2008-11-05 17:17 <DIR> --d----- c:\progra~2\DriverScanner
2008-11-05 17:14 <DIR> --d----- c:\users\stefano\appdata\roaming\Uniblue
2008-11-05 17:14 <DIR> --d----- c:\program files\Uniblue
2008-11-03 23:58 3,012 a--sh--- c:\windows\system32\sys_drv.dat
2008-11-03 23:54 <DIR> --d----- c:\program files\Folder Lock 6
2008-11-03 15:27 <DIR> --d----- c:\program files\OO Software
2008-11-03 12:36 <DIR> --d----- c:\program files\common files\PX Storage Engine
2008-11-02 18:46 <DIR> --d----- c:\program files\common files\BitDefender
2008-11-02 18:46 <DIR> --d----- c:\program files\BitDefender
2008-11-02 17:54 <DIR> --d----- c:\program files\Zone Labs
2008-11-02 12:18 <DIR> --d----- c:\program files\common files\MSSoap
2008-11-02 12:08 <DIR> --d----- c:\program files\AVG
2008-11-02 01:19 <DIR> --d----- c:\program files\common files\Softwin
2008-11-02 01:19 <DIR> --d----- c:\program files\Softwin
2008-11-02 01:13 <DIR> --d----- c:\progra~2\avg8(32)
2008-11-01 23:30 <DIR> --d----- c:\program files\Port Forwarding Wizard
2008-11-01 22:57 <DIR> --d----- c:\progra~2\CheckPoint
2008-11-01 18:17 <DIR> --d----- c:\users\stefano\appdata\roaming\RecoveryFix for Windows
2008-10-23 14:23 <DIR> --d----- c:\program files\ATI
2008-10-22 16:14 <DIR> --d----- c:\users\stefano\appdata\roaming\Command & Conquer 3 Kane's Wrath
2008-10-22 00:04 <DIR> --d----- c:\program files\SystemRequirementsLab
2008-10-21 20:14 <DIR> --d----- c:\program files\SubtitlesSynch
2008-10-21 19:57 249,856 -------- c:\windows\Setup1.exe
2008-10-21 19:57 73,216 a------- c:\windows\ST6UNST.EXE
2008-10-21 17:48 <DIR> --d----- c:\users\stefano\appdata\roaming\gnupg
2008-10-21 07:57 <DIR> --d----- c:\progra~2\Uniblue
2008-10-20 23:33 319,456 a------- c:\windows\DIFxAPI.dll
2008-10-20 23:33 <DIR> --d----- c:\program files\Realtek
2008-10-20 23:20 319,488 a------- c:\windows\HideWin.exe
2008-10-18 20:52 111,928 a------- c:\windows\system32\PnkBstrB.exe
2008-10-18 16:37 <DIR> --d----- c:\program files\DAEMON Tools Pro
2008-10-18 16:35 <DIR> --d----- c:\users\stefano\appdata\roaming\DAEMON Tools Pro
2008-10-18 16:35 <DIR> --d----- c:\progra~2\DAEMON Tools Pro
2008-10-18 13:58 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-10-17 22:20 20,192 a------- c:\windows\system32\WinFl32.sys
2008-10-17 13:14 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-10-13 19:06 <DIR> --d----- c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-10-13 19:01 <DIR> --d----- c:\users\stefano\appdata\roaming\Xilisoft Corporation
2008-10-12 03:11 <DIR> --d----- c:\program files\common files\Steam
2008-10-11 20:16 <DIR> --d----- c:\program files\Debugging Tools for Windows (x86)
2008-10-10 01:27 <DIR> --d----- c:\program files\FrostWire
2008-10-09 23:01 <DIR> --d----- c:\program files\VideoLAN
2008-10-06 03:18 17,984 a------- c:\windows\system32\AntiSpyNative64.exe
2008-10-06 03:18 14,400 a------- c:\windows\system32\AntiSpyNative32.exe
2008-10-02 17:51 2,855 a------- c:\windows\pif\Launcher.PIF
2008-10-02 14:52 <DIR> --d----- c:\progra~2\Media Center Programs
2008-10-02 03:49 827,392 a------- c:\windows\system32\wininet.dll
2008-10-01 22:57 <DIR> --d----- c:\users\stefano\appdata\roaming\Mount&Blade
2008-10-01 19:56 <DIR> --d----- c:\users\stefano\appdata\roaming\Ubisoft
2008-09-30 21:38 <DIR> --d----- c:\progra~2\Sony Ericsson
2008-09-30 21:30 <DIR> --d----- c:\progra~2\DFX
2008-09-30 21:08 <DIR> --d----- c:\progra~2\Nero
2008-09-30 19:38 <DIR> --d----- c:\progra~2\Messenger Plus!
2008-09-30 17:04 <DIR> --d----- c:\users\stefano\appdata\roaming\Atari
2008-09-30 14:32 52,736 a------- c:\windows\ipuninst.exe
2008-09-30 14:21 <DIR> --d----- c:\users\stefano\appdata\roaming\SPORE
2008-09-30 12:23 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-09-18 05:09 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-09-18 04:56 125,952 a------- c:\windows\system32\wersvc.dll
2008-09-18 04:56 147,456 a------- c:\windows\system32\Faultrep.dll
2008-09-18 02:16 2,032,640 a------- c:\windows\system32\win32k.sys
2008-09-09 17:32 1,833,504 a------- c:\windows\SkyTel.exe
2008-09-09 17:32 1,206,816 a------- c:\windows\RtlUpd.exe
2008-09-09 17:32 806,432 a------- c:\windows\system32\RtkPgExt.dll
2008-09-09 17:32 42,016 a------- c:\windows\system32\RtkCoInst.dll
2008-09-09 17:32 285,216 a------- c:\windows\system32\RtkApoApi.dll
2008-09-09 17:32 2,333,728 a------- c:\windows\system32\RtkAPO.dll
2008-09-09 17:32 6,281,760 a------- c:\windows\RtHDVCpl.exe
2008-09-02 23:01 61,952 a--sh--- c:\windows\system32\delehele.dll
2008-09-02 23:01 61,952 a--sh--- c:\windows\system32\tipifipo.dll
2008-09-02 23:01 61,952 a--sh--- c:\windows\system32\venaroyu.dll

============= FINISH: 23:03:03,84 ===============