#1 (permalink)
Registered User
Join Date: Apr 2009
Posts: 2
OS: Microsoft Windows XP Professional
Vundo help!
Problem with Vundo
#2 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista
Re: Vundo help!
Hi,
You are operating your computer with multiple Anti Virus programs:

Symantec Corporate
AVG

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. Please remove one of them and keep only one.

Do you have the GMER log as requested here? NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

If so, please post it. If not, follow the instructions for running GMER in the page above, then post the log.
__________________
UNITE and ASAP since 2006
If we have helped you, please consider donating.
The past won't be able to hurt you unless you keep on looking back at it.