System Security virus. Computer is trashed... Please Help!
Hi,
I was on the internet today and without thinking clicked on a random popup that appeared and it got me into some trouble I think.
This program called "System Security 2009" suddenly popped up and began "scanning" my computer and then things went downhill pretty fast.
I attempted to do a system restore but apparently this program disabled it so I can't click on the "next" button to begin a restore. I then tried to do a scan with my antivirus program (avira antivir) and it scanned for about half an hour and found about 70 detections before the computer suddenly restarted and a blue screen popped up. After reading the instructions I wish I had written down what it said, but the blue screen doesn't pop up anymore. It said something about a possible hardware problem but that's about all I remember.
Now when I turn on the computer, it won't let me access any programs at all and when I try to open anything a balloon pops up and says: "Application cannot be executed. The file ... is infected. Please activate your antivirus software."
The internet is totally shut down as well.
That's about all I can think of to write about the problem. The computer is basically useless and I'm on my friend's laptop posting this on the forum. I was able to do a dds scan and the text is below. I've attached the attach.txt and the ark.txt...
If there's anything else you want to know that I didn't think of let me know. I'd really appreciate any help at all. Thanks
----------------------------------------------------------------------
DDS (Ver_09-02-01.01) - NTFSx86 MINIMAL
Run by Govier at 23:26:08.37 on Wed 07/01/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1678 [GMT -7:00]
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost
C:\WINDOWS\Explorer.EXE
svchost
C:\Documents and Settings\Govier\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\drivers\smss.exe
mWinlogon: Taskman=c:\recycler\s-1-5-21-8740180075-0867940186-176470350-4594\wnzip32.exe
BHO: c:\windows\system32\gsf83iujid.dll: {d76ab2a1-00f3-42bd-f434-00bbc39c8953} - c:\windows\system32\gsf83iujid.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [A00F75F1D9F.exe] c:\docume~1\govier\locals~1\temp\_A00F75F1D9F.exe
uRun: [<NO NAME>] c:\docume~1\govier\locals~1\temp\yy4za.exe
uRun: [hsf7husjnfg98gi498aejhiugjkdg4] c:\docume~1\govier\locals~1\temp\yy4za.exe
uRun: [Windows System Recover!] c:\docume~1\govier\locals~1\temp\taskmgr.exe
uRun: [12CFG515-K641-55SF-N66P] c:\recycler\s-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
uRun: [reader_s] c:\documents and settings\govier\reader_s.exe
uRun: [A00F7600B7A.exe] c:\docume~1\govier\locals~1\temp\_A00F7600B7A.exe
uRun: [ttool] c:\windows\9129837.exe
uRun: [InetChk] c:\docume~1\govier\locals~1\temp\ms1246503636.exe work
uRun: [Govier] c:\documents and settings\govier\Govier.exe /i
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,_RunDLLEntry@16
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [dldtmon.exe] "c:\program files\dell v305\dldtmon.exe"
mRun: [dldtamon] "c:\program files\dell v305\dldtamon.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [17255784] c:\documents and settings\all users\application data\17255784\17255784.exe
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0BCADE60-1E93-11D8-ABDA-0004759647B3} - hxxp://www.bxwa.com/fastbid/fastbidx1.cab
DPF: {32322460-3E7D-11D7-ABD8-0001029A9BA6} - hxxp://www.bxwa.com/fastbid/fastbidx_plugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: ccedda - c:\windows\system32\ccedda.dll
Notify: __c0049FCA - c:\windows\system32\__c0049FCA.dat
AppInit_DLLs: ,c:\docume~1\govier\locals~1\temp\123756593142mxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: ewwwahQ - {ACA38E21-0609-248B-959C-D9129FE7C9E2} - c:\windows\system32\jvpj.dll
STS: c:\windows\system32\gsf83iujid.dll: {d76ab2a1-00f3-42bd-f434-00bbc39c8953} - c:\windows\system32\gsf83iujid.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
============= SERVICES / DRIVERS ===============
R0 21e9bc01c641f0498a97094892a518a8;21e9bc01c641f0498a97094892a518a8;c:\windows\system32\21e9bc01c641f0498a97094892a518a8.sys []
S1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-11-19 11608]
S1 drvdrv;drvdrv;\??\c:\program files\drv\drv.sys --> c:\program files\drv\drv.sys [?]
S2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-11-19 68865]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2008-7-11 99568]
S2 drv;drv;c:\windows\system32\svchost.exe -k drv [2005-8-16 17408]
S2 lich;lich;c:\windows\system32\lich.exe [2009-7-1 86016]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 17408]
S2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2004-8-10 98304]
S3 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-11-19 151297]
S3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-11-19 52056]
=============== Created Last 30 ================
2009-07-01 21:50 424,320 a------- c:\windows\system32\drivers\bcmwl5.sys
2009-07-01 21:50 142,592 a------- c:\windows\system32\drivers\aec.sys
2009-07-01 21:50 60,800 a------- c:\windows\system32\drivers\arp1394.sys
2009-07-01 21:50 59,904 a------- c:\windows\system32\drivers\atmarpc.sys
2009-07-01 21:50 52,864 a------- c:\windows\system32\drivers\DMusic.sys
2009-07-01 21:50 45,312 a------- c:\windows\system32\drivers\bcm4sbxp.sys
2009-07-01 21:50 14,336 a------- c:\windows\system32\drivers\asyncmac.sys
2009-07-01 21:50 13,952 a------- c:\windows\system32\drivers\CmBatt.sys
2009-07-01 21:50 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-07-01 21:50 2,944 a------- c:\windows\system32\drivers\drmkaud.sys
2009-07-01 20:10 50 a------- C:\xcrashdump.dat
2009-07-01 20:08 12,544 a------- c:\windows\system32\iehelper.dll
2009-07-01 20:05 200,720 a------- c:\windows\system32\mukmil.dll
2009-07-01 20:02 21,593 ----h--- c:\documents and settings\govier\Govier.exe
2009-07-01 20:00 118,784 a------- c:\windows\system32\sgc518j0e7an.dll
2009-07-01 20:00 76,289 a------- c:\windows\9129837.exe
2009-07-01 20:00 <DIR> --dsh--- c:\windows\system32\lowsec
2009-07-01 19:59 10 a------- c:\windows\system32\kr_done1
2009-07-01 19:59 8 a------- c:\windows\system32\comsa32.sys
2009-07-01 19:59 134,656 -------- c:\windows\system32\tpsaxyd.exe
2009-07-01 19:59 28,160 a------- c:\windows\system32\__c004A790.dat
2009-07-01 19:59 206,546 a------- C:\illhtee.exe
2009-07-01 19:59 0 a------- c:\windows\system32\lich.dat
2009-07-01 19:59 86,016 a------- c:\windows\system32\lich.exe
2009-07-01 19:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\17255784
2009-07-01 19:58 306,432 a------- c:\windows\sysguard.exe
2009-07-01 19:58 <DIR> --d----- c:\program files\drv
2009-07-01 19:58 2 a------- c:\windows\010112010146118114.dat
2009-07-01 19:58 206,546 a------- C:\gklrwl.exe
2009-07-01 19:58 39,424 a------- c:\windows\system32\drivers\smss.exe
2009-07-01 19:58 2 a------- C:\-1398567392
2009-07-01 19:58 28,672 a------- c:\windows\ld11.exe
2009-06-30 09:40 <DIR> --d----- C:\Deckard
2009-06-06 20:20 <DIR> --d----- c:\program files\DAEMON Tools Pro
2009-06-06 20:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-06-06 20:12 <DIR> --d----- c:\docume~1\govier\applic~1\DAEMON Tools Pro
2009-06-06 18:07 <DIR> --d----- c:\program files\BitTorrent
==================== Find3M ====================
2009-07-01 14:33 68,625 a------- c:\windows\system32\nvModes.dat
2009-06-06 20:12 721,904 a------- c:\windows\system32\drivers\sptd.sys
2008-08-20 20:11 24,896 a------- c:\docume~1\govier\applic~1\GDIPFONTCACHEV1.DAT
2008-07-12 18:46 0 a--sh--- c:\docume~1\govier\applic~1\0000000000CHEV1.dat
2007-02-14 16:53 56 ---shr-- c:\windows\system32\6929A60EE9.sys
2007-01-14 19:54 88 ---shr-- c:\windows\system32\E90EA62969.sys
2007-02-14 16:53 5,382 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-12-02 16:14 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120220081203\index.dat
============= FINISH: 23:28:07.65 ===============
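The DDS log above carries several classic persistence indicators for this kind of rogue "antivirus" infection: a modified Winlogon Userinit value, a Taskman value pointing into the recycler, Run entries launching from the user's temp directory and recycler, a non-empty AppInit_DLLs, a Winlogon Notify entry pointing at a .dat file, policies that disable Registry tools, and a driver service whose file has no recorded metadata. The following script is an added example (it is not part of the original post and is not DDS or BleepingComputer tooling) showing how a helper could triage such a log automatically: it applies a small set of heuristic rules to the "Pseudo HJT Report" and services lines and returns the entries a responder should look at first. The rule names, the function names `triage_dds` and `rule_counts`, and the choice of heuristics are my own assumptions; the sample lines are copied from the log posted above, mixed with a couple of benign entries from the same log so the rules have something to leave alone.

```python
import re
from collections import Counter, namedtuple

# One finding per suspicious log line: which heuristic fired, and the raw line.
Finding = namedtuple("Finding", "rule line")

# Sample input: a subset of the lines from the DDS log posted above
# (suspicious entries plus two benign ones: ctfmon, avgnt, McrdSvc).
SAMPLE_LOG = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\drivers\smss.exe
mWinlogon: Taskman=c:\recycler\s-1-5-21-8740180075-0867940186-176470350-4594\wnzip32.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>] c:\docume~1\govier\locals~1\temp\yy4za.exe
uRun: [Windows System Recover!] c:\docume~1\govier\locals~1\temp\taskmgr.exe
uRun: [12CFG515-K641-55SF-N66P] c:\recycler\s-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
uPolicies-system: DisableRegistryTools = 1 (0x1)
Notify: __c0049FCA - c:\windows\system32\__c0049FCA.dat
AppInit_DLLs: ,c:\docume~1\govier\locals~1\temp\123756593142mxx.dll
R0 21e9bc01c641f0498a97094892a518a8;21e9bc01c641f0498a97094892a518a8;c:\windows\system32\21e9bc01c641f0498a97094892a518a8.sys []
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
"""

# The only value Userinit should carry on a stock XP install (trailing comma stripped).
EXPECTED_USERINIT = [r"c:\windows\system32\userinit.exe"]

# Autostart locations that legitimate software essentially never launches from.
SUSPICIOUS_DIRS = ("\\temp\\", "\\recycler\\")

# Policy values that a rogue AV sets to lock the user out of their own tools.
POLICY_RE = re.compile(
    r"upolicies-(system|explorer): (disableregistrytools|notaskmgr|nofolderoptions) = 1"
)


def triage_dds(log_text):
    """Apply heuristic rules to DDS 'Pseudo HJT Report' / service lines.

    Returns a list of Finding tuples in log order. Lines that trip no rule
    are silently skipped; this is a first-pass triage, not a verdict.
    """
    findings = []
    for line in log_text.splitlines():
        low = line.strip().lower()
        if not low:
            continue
        if low.startswith("mwinlogon: userinit="):
            # Anything beyond userinit.exe in this comma list is loaded at every logon.
            entries = [e.strip() for e in low.split("=", 1)[1].split(",") if e.strip()]
            if entries != EXPECTED_USERINIT:
                findings.append(Finding("winlogon-userinit-modified", line))
        elif low.startswith("mwinlogon: taskman="):
            # Taskman is normally absent; a value replaces Task Manager with that program.
            findings.append(Finding("winlogon-taskman-set", line))
        elif re.match(r"[um]run: ", low):
            if "<no name>" in low or any(d in low for d in SUSPICIOUS_DIRS):
                findings.append(Finding("run-key-temp-or-recycler", line))
        elif low.startswith("appinit_dlls:") and low.split(":", 1)[1].strip(" ,"):
            # A non-empty AppInit_DLLs injects that DLL into every user32-linked process.
            findings.append(Finding("appinit-dlls-set", line))
        elif low.startswith("notify:") and not low.endswith(".dll"):
            # Winlogon Notify packages are DLLs; a .dat here is a disguised module.
            findings.append(Finding("winlogon-notify-non-dll", line))
        elif POLICY_RE.match(low):
            findings.append(Finding("policy-disables-admin-tool", line))
        elif re.match(r"[rs][0-3] ", low) and low.endswith("[]"):
            # DDS prints [date size] for the service binary; empty brackets mean it
            # could not read the file, which is typical of a rootkit-protected driver.
            findings.append(Finding("service-no-file-metadata", line))
    return findings


def rule_counts(findings):
    """Summarise findings as {rule name: number of lines that tripped it}."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_LOG):
        print(f"{f.rule:30s} {f.line}")
    print(rule_counts(triage_dds(SAMPLE_LOG)))
```

Run against the sample, the script flags nine of the twelve lines and leaves ctfmon, avgnt and the Media Center service alone. The rules are deliberately conservative (for instance, a Notify entry that does point at a .dll, like the `ccedda` one in the full log, is not flagged by this rule and would need a reputation check on the file itself), so a clean result from this script is not a clean machine; its job is to put the highest-value lines at the top of a helper's reading list.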