Original thread
Please help!
Please help, not sure what the problem is. I get many messages from my antivirus; could you please take a look? Thank you.
Messages include:
HTML-Scriptvirus
HTML/Shellcode.Gen
\looksHiddenSearch[1].pdf
Also, on the scan for GMER I did not have all the 'untick' options you had shown on your screenshot in the 'New Instructions'. I never had C:\ or J.\
Thank you in advance
DDS (Ver_09-05-14.01) - FAT32x86
Run by Lea at 13:41:05,28 on 13.06.2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1014.580 [GMT 2:00]
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00EE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {BADB0D00-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00F0-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00FC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00DD-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8633CD98-FFA4-00DA-0D24-347CA8A3377C}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
SVCHOST.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
SVCHOST.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\DriveCleaner Free\udcwap.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Dokumente und Einstellungen\Lea\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.spiegel-online.de/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\programme\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programme\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar.dll
uRun: [Skype] "c:\programme\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [SynTPLpr] c:\programme\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [Ulead AutoDetector] c:\programme\ulead systems\ulead photo explorer 8.0 se basic\Monitor.exe
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\programme\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [avgnt] "c:\programme\antivir personaledition classic\avgnt.exe" /min
mRun: [DAEMON Tools] "d:\programme\daemon tools\daemon.exe" -lang 1033 -noicon
mRun: [WA6PU_Check] "c:\programme\gemeinsame dateien\drivecleaner free\udcwap.exe"
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [IETI] c:\programme\skype\phone\ieplugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\autoru~1\isdnwa~1.lnk - c:\programme\fritz!\IWatch.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\autoru~1\tmmoni~1.lnk - c:\programme\msi\arcsoft\totalmedia\TMMonitor.exe
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\programme\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programme\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\programme\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\programme\antivir personaledition classic\avgio.sys [2006-10-15 11608]
R1 SMBHC;Microsoft SM Bus-Hostcontrollertreiber;c:\windows\system32\drivers\smbhc.sys [2005-1-11 6784]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2007-6-18 373568]
R2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [2007-5-30 201696]
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Planer;c:\programme\antivir personaledition classic\sched.exe [2006-10-15 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard;c:\programme\antivir personaledition classic\avguard.exe [2006-10-15 151297]
R3 avgntflt;avgntflt;c:\programme\antivir personaledition classic\avgntflt.sys [2006-10-15 52056]
R3 AVMWAN;AVM NDIS WAN CAPI-Treiber;c:\windows\system32\drivers\avmwan.sys [2009-2-12 37568]
R3 SMBBATT;Microsoft Smart Battery-Treiber;c:\windows\system32\drivers\smbbatt.sys [2005-1-11 16000]
S3 fxusbase;AVM ISDN-Connector FRITZ!X USB;c:\windows\system32\drivers\fxusbase.sys [2009-2-12 454912]
S3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [1980-1-1 155392]
S3 jbmhmr.dll;jbmhmr.dll;c:\programme\benq\q-hotkeymgr\jbmhmr.dll [2005-1-11 2688]
S3 QPowerHw.dll;QPowerHw.dll;c:\programme\benq\qpower\QPowerHw.dll [2005-1-11 3456]
S3 QPresentHw.dll;QPresentHw.dll;\??\c:\programme\benq\qpresentation\qpresenthw.dll --> c:\programme\benq\qpresentation\QPresentHw.dll [?]
S3 QSrsHw.dll;QSrsHw.dll;c:\programme\benq\benq surround\QSrsHw.dll [2005-1-11 3584]
=============== Created Last 30 ================
2009-06-08 20:02 34 a------- c:\dokumente und einstellungen\lea\jagex_runescape_preferences.dat
2009-06-08 19:53 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-08 14:08 <DIR> --dsh--- C:\FOUND.001
==================== Find3M ====================
2009-05-07 17:32 348,160 a------- c:\windows\system32\localspl.dll
2009-05-07 17:32 348,160 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 06:41 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-29 06:41 78,336 -------- c:\windows\system32\dllcache\ieencode.dll
2009-04-29 06:41 347,136 a------- c:\windows\system32\dllcache\dxtmsft.dll
2009-04-29 06:41 214,528 a------- c:\windows\system32\dllcache\dxtrans.dll
2009-04-29 06:41 133,120 a------- c:\windows\system32\dllcache\extmgr.dll
2009-04-29 06:41 385,024 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-29 06:41 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
2009-04-29 06:41 230,400 -------- c:\windows\system32\dllcache\ieaksie.dll
2009-04-29 06:41 153,088 -------- c:\windows\system32\dllcache\ieakeng.dll
2009-04-29 06:41 124,928 -------- c:\windows\system32\dllcache\advpack.dll
2009-04-29 06:41 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2009-04-28 11:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-28 11:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-25 07:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 07:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-19 21:46 1,847,296 a------- c:\windows\system32\win32k.sys
2009-04-19 21:46 1,847,296 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 16:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 16:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-15 16:34 410,704 a------- c:\windows\system32\perfh007.dat
2009-04-15 16:34 72,866 a------- c:\windows\system32\perfc007.dat
2009-03-21 16:06 1,063,424 -------- c:\windows\system32\dllcache\kernel32.dll
2004-11-29 14:29 561,152 a------- c:\dokumente und einstellungen\lea\UIUCU2.EXE
2008-10-06 19:14 32,768 a--sh--- c:\windows\system32\config\systemprofile\lokale einstellungen\verlauf\history.ie5\mshist012008100620081007\index.dat
============= FINISH: 13:41:17,57 ===============