A Virus Squeaked Through My AVG...
I was browsing my regular websites when I saw the dreaded two-second flash of Adobe powering up. Then the "Threat Detected" message from AVG popped up. I haven't detected any real problems with my computer (I can still access everything normally, normal loading times, etc.), but I want to clean up the virus before it gets dangerous.
=========================================================
DDS (Ver_09-06-26.01) - NTFSx86
Run by Wheezy at 22:27:00.09 on Thu 07/09/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2066 [GMT -5:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Steam\Steam.exe
C:\DOWNLOADS\FRAPS\FRAPS.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\******\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://minnesota.twins.mlb.com/index.jsp?c_id=min
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\downlo~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {c33dad78-bc65-4546-9016-b27b8e4db416} - c:\windows\system32\nubukagi.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Fraps] c:\downloads\fraps\FRAPS.EXE
mRun: [QuickTime Task] "c:\program files\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [rafuwupagu] Rundll32.exe "c:\windows\system32\defanedi.dll",s
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\betawako.dll
LSA: Notification Packages = scecli c:\windows\system32\betawako.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\shelli~1\applic~1\mozilla\firefox\profiles\kuae1v1r.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.thesporecommunity.com/forums.php
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\plugins\npqtplugin.dll
FF - plugin: c:\program files\plugins\npqtplugin2.dll
FF - plugin: c:\program files\plugins\npqtplugin3.dll
FF - plugin: c:\program files\plugins\npqtplugin4.dll
FF - plugin: c:\program files\plugins\npqtplugin5.dll
FF - plugin: c:\program files\plugins\npqtplugin6.dll
FF - plugin: c:\program files\plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-2 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-2 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-2 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-2 298776]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [2004-7-30 56576]
=============== Created Last 30 ================
2009-07-09 02:29 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-06-22 20:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
==================== Find3M ====================
2009-07-09 21:18 50,176 a--sh--- c:\windows\system32\momanala.dll
2009-06-22 20:19 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-22 20:19 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-07 10:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-07 10:44 344,064 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-27 04:29 18,432 a------- c:\windows\system32\dllcache\iedw.exe
2009-04-17 04:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-17 04:58 1,846,656 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:11 584,192 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:11 584,192 -------- c:\windows\system32\dllcache\rpcrt4.dll
2008-01-15 02:49 1,498 a------- c:\program files\Calculator.lnk
2007-06-29 06:25 574,784 ac------ c:\program files\QTPlugin.ocx
2007-06-29 06:25 6,124,864 a------- c:\program files\QuickTimePlayer.exe
2007-06-29 06:25 303,104 ac------ c:\program files\QTUIPanelControl.dll
2007-06-29 06:25 749,568 ac------ c:\program files\QTOControl.dll
2007-06-29 06:25 684,032 ac------ c:\program files\QTOLibrary.dll
2007-06-29 06:25 618,496 ac------ c:\program files\QTInfo.exe
2007-06-29 06:25 8,612 ac------ c:\program files\QuickTime Read Me.htm
2007-06-29 06:24 55,622 ac------ c:\program files\Sample.mov
2007-06-29 06:24 18,663 ac------ c:\program files\Sample.qtif
2007-06-29 06:24 286,720 a------- c:\program files\QTTask.exe
2007-06-29 06:24 483,328 ac------ c:\program files\PictureViewer.exe
2006-10-21 16:54 152 ---shr-- c:\windows\system32\11D43EA203.sys
2009-04-09 21:18 50,176 a--sh--- c:\windows\system32\betawako.dll
2009-04-09 21:18 50,176 a--sh--- c:\windows\system32\defanedi.dll
2006-10-21 16:54 7,520 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2009-04-09 21:18 50,176 a--sh--- c:\windows\system32\nubukagi.dll
============= FINISH: 22:27:38.18 ===============