Registered User
Join Date: Jul 2009
Posts: 2
OS: XP
Virus trouble - deleting files?
My main problem is that my applications will literally delete themselves. After I install programs, a couple hours later when I try to open it again it's not there. Usually only a few of the essential files are missing. This has happened to me with iTunes, uTorrent, VLC media player, Warcraft III, Stopzilla, and Ventrilo.
At first I wasn't sure if files were actually being deleted or they just weren't being recognized, but I tested it and files literally would be in the folder and then they would disappear (sometimes in the middle of using the application, which results in it crashing). Also, it seems to be only the applications that I am using.
When I run virus scans on Stopzilla the same ones usually come up even though Stopzilla says it deletes it - one in particular: Haxdoor, heard of it? Antivirus 2009 I believe... I forget the rest. Right when all these viruses showed up is when my troubles started.
Anyways, other than this there's nothing too big. Sometimes I'll just hear sounds of windows opening and stuff, sometimes popups will come up and say like application terminated or something. I used to have these files running called a.exe and b.exe but I fixed that, I think.
So please help me. Thanks.
DDS (Ver_09-06-26.01) - NTFSx86
Run by eightY-D at 23:09:56.39 on 07/09/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.871 [GMT -7:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\iTunes\iTunes.exe
J:\new anki\anki.exe
C:\Documents and Settings\eightY-D\MSPAINT.EXE
C:\Program Files\Garena\Garena.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\eightY-D\Desktop\dds.scr
C:\Documents and Settings\eightY-D\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.daemon-search.com/startpage
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=%s
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: {1241cf30-a0f6-4a3f-9792-33c1a422bb0b} - c:\windows\system32\efcYRIcC.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {f8ac2fc7-67a3-48db-b835-00f0d9b1a7fa} - c:\windows\system32\xxyxUNhH.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [DAEMON Tools Lite] "j:\daemon tools lite\damon\daemon.exe" -autorun
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [VundoFixTool] c:\program files\vundofixtool\VundoFixTool.exe -boot
uRun: [msupdate] c:\\phfghd.exe
uRun: [phfghd.exe] c:\users\\appdata\local\microsoft\windows\explorer\phfghd.exe
uRun: [MsAdvisor.exe] c:\users\eighty-d\appdata\local\microsoft\windows\explorer\73485ypedfuer.exe
uRun: [WinUpd32] c:\windows\system32\WinUpd32.exe
uRun: [uTorrent] "j:\utorrent\uTorrent.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -r
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [mswinlogon] c:\windows\mswinlogon.exe
mRun: [systemupdate] c:\\73485ypedfuer.exe
mRun: [DRam prosessor] jtzosfnt.exe
mRun: [Twormer] c:\windows\system\tworm.exe
mRun: [test] test.exe
mRun: [windowslogin] msnmssngr.exe
mRun: [driver1] driver1.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [Adobe Reader Speed Launcher] "j:\akrobate\reader\Reader_sl.exe"
mRunServices: [DRam prosessor] jtzosfnt.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Cognac] c:\windows\temp\b.exe
StartupFolder: c:\docume~1\eighty-d\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users.windows\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GR99D3~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\xxyxUNhH
============= SERVICES / DRIVERS ===============
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
R2 Services32;Services32;c:\windows\fonts\winlogon.exe [2009-7-5 68608]
R2 Windows Services Agent;Windows Services Agent;c:\windows\system32\spool\winlogon.exe [2009-7-7 68608]
R3 GarenaPEngine;GarenaPEngine;c:\docume~1\eighty-d\locals~1\temp\YKY157.tmp [2009-7-9 18704]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2009-2-18 36864]
S2 ASKService;ASKService;c:\program files\askbardis\bar\bin\askservice.exe --> c:\program files\askbardis\bar\bin\AskService.exe [?]
S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\askupgrade.exe --> c:\program files\askbardis\bar\bin\ASKUpgrade.exe [?]
S2 ServicesZ;ServicesZ;"c:\windows\jva\explorerr.exe" --> c:\windows\jva\explorerr.exe [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
=============== Created Last 30 ================
2009-07-09 22:12 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\AIM Toolbar
2009-07-09 22:12 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Viewpoint
2009-07-09 22:12 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\acccore
2009-07-09 19:33 376 a------- c:\windows\system32\drivers\kgpfr2.cfg
2009-07-09 19:33 4,056 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-07-07 19:44 0 a------- c:\windows\ge5vaes5v6.cab
2009-07-07 19:44 0 a------- c:\windows\v6vrs6b7bb.cab
2009-07-07 16:31 69,795 ---sh--- C:\BAYWR.png
2009-07-05 22:13 <DIR> --dsh--- c:\windows\system32\lowsec
2009-07-05 22:13 0 a------- c:\windows\system32\QxXxA.cab
2009-07-05 22:13 0 a------- c:\windows\system32\SxXxC.cab
2009-07-05 22:04 67,584 a------- C:\WINDOWSBOOTs.exe
2009-07-05 22:03 0 a------- c:\windows\libsebfsf.cab
2009-07-05 22:02 <DIR> --dshr-- c:\windows\Jva
2009-07-05 22:02 67,584 a------- C:\WINDOWSBOOT.exe
2009-07-01 20:51 1,024 a------- c:\windows\system32\PDF2IMG.dat
2009-06-28 11:18 200,704 a------- c:\windows\system32\lame_enc.dll
2009-06-28 11:18 <DIR> --d----- c:\program files\Arial CD Ripper
2009-06-19 10:51 <DIR> --d----- c:\program files\AirPort
2009-06-12 07:14 118 a------- c:\windows\system32\MRT.INI
2009-06-11 19:42 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-06-11 19:42 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-06-11 19:42 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-06-11 19:42 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-06-11 19:42 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-11 19:42 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-06-11 19:42 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-06-11 19:42 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-06-11 19:42 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-06-11 19:39 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-06-11 19:39 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-11 19:39 2,560 -------- c:\windows\system32\xpsp4res.dll
==================== Find3M ====================
2009-07-05 22:12 68,608 ---shr-- c:\windows\fonts\winlogon.exe
2009-07-05 10:36 188 a------- C:\phqgh.exe
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-28 14:16 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-05-28 14:15 294,912 a----r-- c:\windows\system32\SZBase5.dll
2009-05-28 14:14 540,672 a----r-- c:\windows\system32\SZComp5.dll
2009-05-13 14:00 176,128 a------- C:\nss3.dll
2009-05-13 14:00 159,232 a------- C:\softokn3.dll
2009-05-13 14:00 81,920 a------- C:\FirePassword.exe
2009-05-13 14:00 73,728 a------- C:\nspr4.dll
2009-05-13 14:00 8,704 a------- C:\plc4.dll
2009-05-13 14:00 6,144 a------- C:\plds4.dll
2009-05-13 12:27 405,530 a------- c:\windows\jgjy56yt.exe
2009-05-12 14:13 61,328 a----r-- c:\windows\system32\drivers\SZKG.sys
2009-05-10 12:15 987,136 a------- C:\fomg.exe
2009-05-09 19:19 952,832 a------- C:\b4ooo4ot.exe
2009-05-09 13:12 643,584 ---shr-- c:\windows\test2.exe
2009-05-09 11:51 957,440 a------- C:\messenger.exe
2009-05-09 08:32 952,832 a------- c:\windows\boooot.exe
2009-05-07 19:48 405,530 a------- C:\346yturtkkh.exe
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-28 21:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-28 21:46 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-23 18:31 135,168 a------- C:\yerhjpeddf.exe
2009-04-23 18:30 135,168 a------- C:\yerhjdf.exe
2009-04-23 18:29 141,312 a------- C:\yerhjhjdf.exe
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-16 12:34 516,122 ----h--- C:\73485ygjuer.exe
2009-04-15 17:10 401,408 ----h--- C:\yuegyuer.exe
2009-04-15 17:09 401,408 ----h--- c:\windows\cursors\supdate.exe
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-14 12:00 247,809 a---h--- c:\windows\cursors\lsass.exe
2006-06-24 15:48 32,768 a------- c:\windows\inf\UpdateUSB.exe
1997-05-16 08:52 32,528 a------- c:\documents and settings\eighty-d\OLEPRO32.DLL
1997-05-16 08:52 271,632 a------- c:\documents and settings\eighty-d\MSVCRT.DLL
1997-05-16 08:52 939,792 a------- c:\documents and settings\eighty-d\MFC42U.DLL
1997-05-16 08:52 941,840 a------- c:\documents and settings\eighty-d\MFC42.DLL
1997-05-16 08:52 330,512 a------- c:\documents and settings\eighty-d\MSPAINT.EXE
2009-03-21 19:21 4,668 a--sh--- c:\windows\system32\CcIRYcfe.ini2
2009-03-26 23:04 13,888 a--sh--- c:\windows\system32\HhNUxyxx.ini2
2008-04-13 17:12 399,386 ---shr-- c:\windows\system32\rvjxxmyc.exe
============= FINISH: 23:10:08.39 ===============