fitheo

Hello and thank you for being here.
I am very appreciative that I can sign up and post to a forum where someone smart will look over my problem. It makes me happy with humanity.

The computer is my sibling's, a dell latitude D820 running XP SP2. Some viruses (names unknown to myself) were removed a while ago. Since then the video has been messed up, slow page scrolling, error from the VGA adapter in device manager, etc. The NVIDIA driver from dell would not install. The AVG program will not load or uninstall. Any internet search or site access to places which may help the problem crash the web browser. The windows uninstall utility cannot uninstall CyberDefender Early Detection Center. Limewire and uTorrent were recently removed. When a flash drive is plugged in, a greyed out file named m.exe (158kb) is loaded without notification. This was caught by a "clean" computer by AVG as a "Trojan horse Generic13.IDF"
That is all I can describe right now.
Thank you again.
Fitheo


DDS (Ver_09-11-24.02) - NTFSx86
Run by Mary at 0:33:09.54 on Fri 11/27/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.590 [GMT -8:00]

AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {387427EE-AF44-44EB-A43F-6EF8A838C0D9}
AV: AVG 7.5.552 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Mary\Mary.exe
D:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ALO: {506cd401-5203-4b27-bb5a-03c97758fd02} - c:\windows\system32\lastmon.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: ORBta: {ada8c222-95d2-47b5-950b-aebc0a508839} - c:\windows\system32\spria.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: Maniqute: {f70f6880-3a4b-11de-8230-0b7c55d89593} - c:\windows\system32\kusers.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\mary\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [EPSON NX110 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifba.exe /fu "c:\windows\temp\E_S7B.tmp" /EF "HKCU"
uRun: [Mary] c:\documents and settings\mary\Mary.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\boggle\images\stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200168490203
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\boggle\images\armhelper.ocx
Notify: affdcdeddfca - c:\windows\system32\affdcdeddfca.dll
Notify: ddedbeffacfbec - c:\windows\system32\ddedbeffacfbec.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: InternetConnection - {FE5792EC-14F6-455A-B555-4604EC1ACFF0} - c:\documents and settings\all users\application data\microsoft\internet explorer\dlls\olxuxreghp.dll
SSODL: ieModule - {6D97FB17-F8C1-408F-A382-558C5D348919} - c:\documents and settings\all users\application data\microsoft\internet explorer\dlls\ieModule.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mary\applic~1\mozilla\firefox\profiles\bhta73sh.default\
FF - plugin: c:\documents and settings\mary\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\mary\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\mary\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-5 54752]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S0 2907bdfa0c88bfbd6386d89054e91518;2907bdfa0c88bfbd6386d89054e91518;c:\windows\system32\2907bdfa0c88bfbd6386d89054e91518.sys --> c:\windows\system32\2907bdfa0c88bfbd6386d89054e91518.sys [?]
S3 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [2009-1-11 67424]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2009-11-27 08:32:42 2018 ----a-w- c:\documents and settings\mary\LXLQNWUHR.exe
2009-11-27 08:32:30 40960 --sh--r- c:\documents and settings\mary\Mary.exe
2009-11-27 00:04:59 0 d-----w- c:\docume~1\mary\applic~1\Dell
2009-11-27 00:04:48 61440 ----a-w- c:\windows\system32\KPower.dll
2009-11-27 00:04:48 307200 ----a-w- c:\windows\system32\BMAPI.dll
2009-11-27 00:04:48 233472 ----a-w- c:\windows\system32\NicConfigSvc.cpl
2009-11-27 00:03:30 16128 ----a-w- c:\windows\system32\drivers\APPDRV.SYS
2009-11-27 00:02:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-11-27 00:02:25 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-11-27 00:01:26 0 d-----w- c:\program files\DellTPad
2009-11-27 00:01:17 155136 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2009-11-27 00:01:17 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2009-11-27 00:01:16 100418 ----a-w- c:\windows\system32\Vxdif.dll
2009-11-26 21:40:14 5 ----a-w- c:\windows\system32\drivers\DELL_LAT_D820.MRK
2009-11-26 21:40:14 5 ----a-w- c:\windows\system32\drivers\1028_DELL_LAT_D820.MRK
2009-11-26 21:39:16 78720 -c----w- c:\windows\system32\dllcache\sdbus.sys
2009-11-26 21:39:16 12032 -c----w- c:\windows\system32\dllcache\sffdisk.sys
2009-11-26 21:39:16 11008 -c----w- c:\windows\system32\dllcache\sffp_sd.sys
2009-11-26 21:39:16 10240 -c----w- c:\windows\system32\dllcache\sffp_mmc.sys
2009-11-26 21:39:16 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-11-26 21:34:21 666 ----a-w- c:\windows\speed.reg
2009-11-26 21:17:39 356352 ----a-w- c:\windows\system32\nvudisp.exe
2009-11-26 20:44:23 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-23 19:43:52 193042 ----a-w- c:\windows\system32\lastmon.dll
2009-11-06 02:51:10 0 d-----w- c:\documents and settings\mary\Tracing
2009-11-06 01:45:38 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-11-06 01:44:04 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-11-06 01:43:53 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-06 01:41:19 0 d-----w- c:\program files\Microsoft
2009-11-06 01:41:04 0 d-----w- c:\program files\Windows Live SkyDrive
2009-11-06 01:13:44 0 d-----w- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-11-21 00:22:18 32896 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-09-11 14:03:37 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-01-12 02:13:42 774144 ----a-w- c:\program files\RngInterstitial.dll

============= FINISH: 0:33:36.40 ===============

Attached Files

Attach.zip (7.2 KB, 1 views)

CatByte

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

amateur

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html