#1 (permalink) |
|
Registered User
Join Date: Mar 2009
Posts: 1
OS: xp
|
avg res shield cannot heal ?
It looks to me that svchost is defective, & restoring some kind of trojan, so if that's true, how do I fix? Thanx
#2 (permalink) |
|
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,228
OS: XP SP3
|
Re: avg res shield cannot heal ?
Hello and Welcome to TSF.
We need to see all 3 logs in order to help you. Please turn off Word Wrap in Notepad under the Format tab before posting logs in the forum. Thanks.

------------------------------------------------------

Please follow our pre-posting process outlined here: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------