Status
Not open for further replies.
I was getting this error constantly with Avira, and it copies files into windows/temp dir. They are not deletable...

perflib_perfdata1c0.dat

A bunch of files like that, about 20 or so, I can't delete.

Any help is appreciated :)

I run a virus scan by Avira and it does not find the Crypt anymore; only when I connect to the internet it pops up the Guard warning.

I used Trojan Remover (simply super software), paid version... and it found a trojan and fixed not being able to open regedit.
But I can't open the log file to post it.

The program DDS crashes every time I try and run it all the way through... :(

About 10-20 entries pop up... and crash... I've tried doing it again like 4 times.




DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 2:11:55.43 on Sat 12/19/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2436 [GMT 5.5:30]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Native Instruments\Audio Kontrol 1\Audio Kontrol 1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
C:\Documents and Settings\Administrator\My Documents\My Music\Jan 2010\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [Audio Kontrol 1] c:\program files\native instruments\audio kontrol 1\Audio Kontrol 1.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\vmware\vmware player\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\187ixpqb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9051
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\187ixpqb.default\extensions\{4d144bc3-23fb-47de-90c5-63ccb0139ccf}\plugins\npww.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwbe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-12-1 28552]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2008-5-20 15328]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-27 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-27 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-27 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-27 56816]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2009-8-25 220128]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2006-5-30 5120]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-8-14 54960]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-9-15 517632]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-14 133104]
S2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-8-12 46824]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-5-23 547744]
S3 ak1avs;ak1avs;c:\windows\system32\drivers\ak1avs.sys [2009-11-18 25600]
S3 ak1usb;ak1usb;c:\windows\system32\drivers\ak1usb.sys [2009-11-18 186368]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-10 1684736]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2009-3-10 105472]
S3 MAUSBRI;M-Audio Fast Track Ultra Service;c:\windows\system32\drivers\mausbftu.sys [2009-7-11 135944]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]

=============== Created Last 30 ================

2009-12-19 18:06:25 56410 ----a-w- C:\MGlogs.zip
2009-12-19 18:06:22 0 d-----w- C:\MGtools
2009-12-11 13:07:14 0 d-----w- C:\.mtvconvertertmp
2009-12-07 13:31:49 0 d-----w- c:\program files\Xobni
2009-12-07 13:31:41 0 d-----w- c:\program files\Ask.com
2009-12-07 13:31:17 0 d-----w- c:\program files\Pando Networks
2009-12-03 21:30:51 0 d-----w- c:\windows\system32\KB905474
2009-12-03 09:10:50 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-12-03 09:10:39 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-03 09:10:37 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-12-03 09:08:08 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-02 22:45:38 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-02 22:45:38 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-02 22:45:38 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-12-01 13:52:48 0 d-----w- C:\_OTM
2009-12-01 13:17:38 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-01 13:16:46 0 d-----w- c:\program files\Panda Security
2009-12-01 13:12:59 0 d-sha-r- C:\autorun.inf
2009-11-29 06:34:11 0 d-----w- c:\program files\[email protected]
2009-11-29 06:34:11 0 d-----w- c:\program files\common files\Gibinsoft Shared
2009-11-27 15:41:35 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-27 15:41:32 0 d-----w- c:\program files\Avira
2009-11-27 15:41:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2009-11-25 02:27:22 0 d-----w- c:\program files\Spectrasonics
2009-11-22 23:01:13 0 d-----w- c:\program files\CCleaner
2009-11-18 23:17:47 0 d-----w- c:\docume~1\admini~1\applic~1\AVG8

==================== Find3M ====================

2009-11-29 16:16:53 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-07 04:57:53 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-23 23:06:50 45052 ----a-w- c:\windows\fonts\Graffiti.ttf
2009-10-23 23:06:26 102128 ----a-w- c:\windows\fonts\Aerosol.ttf
2009-10-23 23:02:42 21036 ----a-w- c:\windows\fonts\Tribal Funk.ttf
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

============= FINISH: 2:13:30.85 ===============
 
