Old 03-17-2009, 12:11 PM   #1 (permalink)
jackgrt
Registered User
 
Join Date: Mar 2009
Posts: 1
OS: xp


AVG res shield cannot heal?

DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 19:17:54.35 on Tue 03/17/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.136 [GMT 5.5:30]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\DOS2USB\DOS2USB.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAB3LAK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - c:\program files\speedbitplus\tbSpee.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
uWindows: load= c:\tcwin45\pipeline\remind.exe c:\tcwin45\pipeline\\remind.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - c:\program files\speedbitplus\tbSpee.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - c:\program files\speedbitplus\tbSpee.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
uRun: [DOS2USB] c:\program files\dos2usb\DOS2USB.exe
uRun: [PopUpStopperFreeEdition] "c:\progra~1\panicw~1\pop-up~1\PSFree.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [IMONTRAY] c:\program files\intel\intel(r) active monitor\imontray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\canonl~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\CNAB3LAK.EXE
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: StartMenuFavorites = 0 (0x0)
mPolicies-explorer: Start_ShowMyComputer = 1 (0x1)
mPolicies-explorer: Start_ShowMyDocs = 1 (0x1)
mPolicies-explorer: Start_ShowMyMusic = 0 (0x0)
mPolicies-explorer: Start_ShowRun = 1 (0x1)
mPolicies-explorer: Start_ShowSearch = 0 (0x0)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMMyPictures = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
dPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: Download All by FlashGet - c:\progra~1\flashget\jc_all.htm
IE: Download using FlashGet - c:\progra~1\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {23E34534-1FF0-4296-9677-0BF6A9618A7E} = 218.248.240.79 218.248.240.135
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\bjbnm1q5.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-15 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-4 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-15 107912]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-15 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-15 298264]
S3 yqfprhqr;yqfprhqr;\??\c:\windows\system32\drivers\yqfprhqr.sys --> c:\windows\system32\drivers\yqfprhqr.sys [?]

=============== Created Last 30 ================

2009-03-16 20:15 <DIR> --d----- c:\program files\CivIV super download
2009-03-16 19:27 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-03-15 21:59 <DIR> --d-h--- c:\windows\PIF
2009-03-15 20:53 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-15 20:53 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-15 20:53 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-15 20:53 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-15 20:53 <DIR> --d----- c:\docume~1\admini~1\applic~1\AVGTOOLBAR
2009-03-15 20:53 <DIR> --d----- c:\program files\AVG
2009-03-15 20:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-10 05:29 <DIR> --d----- c:\program files\Panicware
2009-03-06 01:02 19,327 a------- c:\windows\system32\lpt2cap.vxd
2009-03-06 01:02 19,327 a------- c:\windows\system32\dos2usb.vxd
2009-03-06 01:02 8,386 a------- c:\windows\system32\GSN.vxd
2009-03-06 01:02 1,851 a------- c:\windows\system32\xpdrvr.exe
2009-03-06 01:02 <DIR> --d----- c:\program files\DOS2USB
2009-03-04 18:00 <DIR> --d----- c:\program files\Printfil
2009-02-21 19:42 <DIR> --d----- c:\program files\Conduit
2009-02-21 19:42 <DIR> --d----- c:\program files\SpeedBitPlus
2009-02-21 19:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SpeedBit
2009-02-21 19:42 479,298 a------- c:\windows\system32\wbocx.ocx
2009-02-21 19:42 172,032 a------- c:\windows\system32\AniGIF.ocx
2009-02-21 19:42 50,688 a------- c:\windows\system32\wbhelp2.dll
2009-02-21 19:42 <DIR> --d----- c:\program files\DAP
2009-02-19 15:05 <DIR> --d----- c:\docume~1\admini~1\applic~1\GreenPrint

==================== Find3M ====================

2008-09-20 10:10 10,534 ac------ c:\documents and settings\all users\rndismp.sys

============= FINISH: 19:18:12.12 ===============
"Trojan horse BackDoor.Generic4.JWF";"D:\System Volume Information\_restore{14260F44-3C91-4338-ACEF-2C840D1F102C}\RP197\A0163153.sys";"Infected";"3/17/2009, 6:36:53 PM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse BackDoor.Generic4.JWF";"D:\System Volume Information\_restore{14260F44-3C91-4338-ACEF-2C840D1F102C}\RP197\A0163153.sys";"Moved to Virus Vault";"3/17/2009, 6:10:02 PM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse BackDoor.Generic3.SDV";"D:\System Volume Information\_restore{14260F44-3C91-4338-ACEF-2C840D1F102C}\RP195\A0157676.exe";"Moved to Virus Vault";"3/17/2009, 4:51:59 PM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse BackDoor.Generic3.SDV";"D:\System Volume Information\_restore{14260F44-3C91-4338-ACEF-2C840D1F102C}\RP195\A0157675.exe";"Moved to Virus Vault";"3/17/2009, 4:18:40 PM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse BackDoor.Generic4.JWF";"C:\System Volume Information\_restore{14260F44-3C91-4338-ACEF-2C840D1F102C}\RP197\A0163152.sys";"Infected";"3/16/2009, 11:24:24 PM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse BackDoor.Generic4.JWF";"C:\System Volume Information\_restore{14260F44-3C91-4338-ACEF-2C840D1F102C}\RP197\A0163152.sys";"Moved to Virus Vault";"3/16/2009, 10:24:03 PM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse BackDoor.Generic3.SDV";"C:\System Volume Information\_restore{14260F44-3C91-4338-ACEF-2C840D1F102C}\RP195\A0158684.exe";"Moved to Virus Vault";"3/16/2009, 9:23:20 PM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse BackDoor.Generic3.SDV";"C:\System Volume Information\_restore{14260F44-3C91-4338-ACEF-2C840D1F102C}\RP195\A0157674.exe";"Infected";"3/16/2009, 7:23:19 PM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse BackDoor.Generic3.SDV";"C:\System Volume Information\_restore{14260F44-3C91-4338-ACEF-2C840D1F102C}\RP195\A0157674.exe";"Infected";"3/16/2009, 6:23:19 PM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse BackDoor.Generic3.SDV";"C:\System Volume Information\_restore{14260F44-3C91-4338-ACEF-2C840D1F102C}\RP195\A0157674.exe";"Infected";"3/16/2009, 5:24:24 PM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse BackDoor.Generic3.SDV";"C:\System Volume Information\_restore{14260F44-3C91-4338-ACEF-2C840D1F102C}\RP195\A0157674.exe";"Infected";"3/16/2009, 4:23:19 PM";"file";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse BackDoor.Generic3.SDV";"C:\System Volume Information\_restore{14260F44-3C91-4338-ACEF-2C840D1F102C}\RP195\A0157674.exe";"Moved to Virus Vault";"3/16/2009, 4:15:36 PM";"file";"C:\WINDOWS\system32\svchost.exe"

It looks to me that svchost is defective and restoring some kind of trojan, so if that's true, how do I fix it? Thanks