Discussion Starter · #1 · (Edited)
Alright. I'm hoping I do this correctly. I tried to follow all the steps that were outlined. Basically, my girlfriend used my computer for a few weeks while I was abroad and now I'm having terrible troubles. I had AVG and it recognized a few trojans on my computer. Not being able to clean them, I uninstalled and downloaded a trial of Bit Defender, as I heard it was the best anti-virus available. It finds many many trojans but says that the files are not accessible...or something to that effect. I get a little pop up every few minutes from Bit Defender saying it's blocking the viruses, but my CPU is being chewed up severely and I can do very few things. Here is the file I am supposed to paste and hopefully I can figure out how to attach what is needed. Thank you to any that might be able to help me.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Casey at 17:55:49.73 on Mon 05/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1108 [GMT -7:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SIMU\SGE\SGETask.Exe
C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\TweetDeck\TweetDeck.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\PsiNet Sage\PsiNet2.exe
C:\PROGRA~1\SIMU\WIZARD\WIZARD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Documents and Settings\Casey\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {960a9105-6320-333a-2e84-c1fd82f4b5b3}: {3b5b4f28-df1c-48e2-a333-02365019a069} - c:\windows\system32\oxhzrv.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\rqRkkifc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: {da1d9a3d-98fe-491e-8cc4-0d84a7c1b718} - c:\windows\system32\urqPhhGX.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
uRun: [Aim6]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [D-Link AirPlus G] c:\program files\d-link\airplus g\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [78075964] rundll32.exe "c:\windows\system32\oidjybqp.dll",b
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
StartupFolder: c:\docume~1\casey\startm~1\programs\startup\anapod~1.lnk - c:\program files\red chair software\anapod explorer\anamgr.exe
StartupFolder: c:\documents and settings\casey\start menu\programs\startup\santa.bat
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sgetask.lnk - c:\program files\simu\sge\SGETask.Exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232882236742
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Notify: rqRkkifc - rqRkkifc.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\rqRkkifc.dll
SEH: {0a790751-381b-0d0b-ab14-c8fb6252b899}: {998b2526-bf8c-41ba-b0d0-b183157097a0} - c:\windows\system32\oxhzrv.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\urqPhhGX

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\casey\applic~1\mozilla\firefox\profiles\5vxw7c4q.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\casey\application data\mozilla\firefox\profiles\5vxw7c4q.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-10-6 82696]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-8 55152]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-25 24652]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-1-25 104328]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-1-25 26272]
S2 gupdate1c98e068f2b264c;Google Update Service (gupdate1c98e068f2b264c);c:\program files\google\update\GoogleUpdate.exe [2009-2-13 133104]
S3 aaudstum;aaudstum;c:\docume~1\casey\locals~1\temp\aaudstum.sys [2007-6-21 29696]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-04-29 13:32 <DIR> --d----- c:\program files\CrossLoop
2009-04-27 07:15 947 a------- c:\windows\system32\BDUpdateV1.xml
2009-04-27 05:35 850 a------- c:\windows\system32\ProductTweaks.xml
2009-04-27 05:35 385 a------- c:\windows\system32\user_gensett.xml
2009-04-27 05:31 <DIR> --d----- c:\docume~1\casey\applic~1\BitDefender
2009-04-27 05:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-04-27 03:54 <DIR> --d----- c:\program files\PsiNet Sage
2009-04-27 03:52 1,427,545 a--sh--- c:\windows\system32\pqbyjdio.ini
2009-04-27 00:15 1,406,743 a--sh--- c:\windows\system32\mwwkhfrf.ini
2009-04-26 12:15 1,406,730 a--sh--- c:\windows\system32\jafyfgrm.ini
2009-04-26 00:18 12,856 a------- c:\windows\system32\vatpcslx.dll
2009-04-25 12:18 12,856 a------- c:\windows\system32\faueemfn.dll
2009-04-25 12:15 17,236 a------- c:\windows\system32\jomtldvg.dll
2009-04-25 00:18 17,236 a------- c:\windows\system32\ldcgnoon.dll
2009-04-25 00:15 39,136 a------- c:\windows\system32\fkohihhe.dll
2009-04-24 12:15 1,406,730 a--sh--- c:\windows\system32\luyqlkiy.ini
2009-04-23 12:12 1,406,970 a--sh--- c:\windows\system32\cldoliio.ini
2009-04-23 12:12 1,649 a--sh--- c:\windows\system32\XGhhPqru.ini2
2009-04-23 12:12 1,649 a--sh--- c:\windows\system32\XGhhPqru.ini
2009-04-23 12:12 237,568 a------- c:\windows\system32\urqPhhGX.dll
2009-04-23 12:06 36,352 a------- c:\windows\system32\rqRkkifc.dll
2009-04-20 16:34 <DIR> --d----- c:\program files\VirtualDJ
2009-04-16 14:35 <DIR> --d----- c:\docume~1\casey\applic~1\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-04-16 14:35 <DIR> --d----- c:\program files\TweetDeck
2009-04-11 16:24 81,984 a------- c:\windows\system32\bdod.bin
2009-04-11 16:24 121 a------- c:\windows\bdagent.INI
2009-04-11 16:19 <DIR> --d----- c:\program files\BitDefender
2009-04-11 16:18 <DIR> --d----- c:\program files\common files\BitDefender
2009-04-08 18:51 <DIR> --d----- c:\program files\GameSpy Arcade

==================== Find3M ====================

2009-04-24 23:08 24,808 a------- c:\docume~1\casey\applic~1\addons.dat
2009-04-07 07:51 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-03-16 15:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-04 08:05 71,790,408 a------- c:\windows\system32\avg_ipw_stf_g7_8_237a1428.exe
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 11:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 04:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 03:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 17:57:41.42 ===============
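As an added, defender-side example that is not part of the original thread, the script below triages a constructed subset of the "Pseudo HJT Report" lines from the log above; the severity rules are my own heuristics (extra LSA authentication packages, Winlogon Notify DLLs, BHOs loaded from system32, rundll32 autoruns with generated-looking key names, scripts in the Startup folder), not anything DDS or the forum defines.

```python
import re

# Constructed sample: a subset of lines copied from the DDS "Pseudo HJT Report" above.
SAMPLE = r"""BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\rqRkkifc.dll
mRun: [78075964] rundll32.exe "c:\windows\system32\oidjybqp.dll",b
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
StartupFolder: c:\documents and settings\casey\start menu\programs\startup\santa.bat
Notify: rqRkkifc - rqRkkifc.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\urqPhhGX
"""

# Matches a DLL loaded straight out of system32 and captures its file name.
SYS32_DLL = re.compile(r"c:\\windows\\system32\\([^\\\s\"]+\.dll)", re.I)

def triage_line(line):
    """Return (severity, reason) for one pseudo-HJT line, or None if nothing stands out."""
    kind, _, rest = line.partition(": ")
    if kind == "LSA":
        # On XP the only expected authentication package is msv1_0; anything else is
        # loaded into lsass.exe at boot, a well-known persistence location.
        extra = [p for p in rest.split("=", 1)[1].split() if p.lower() != "msv1_0"]
        return ("high", f"extra LSA authentication package(s): {extra}") if extra else None
    if kind == "Notify":
        # Winlogon notification packages run inside winlogon; the legitimate set is tiny.
        return ("high", f"Winlogon notification package: {rest}")
    if kind in ("BHO", "SEH", "TB") and rest.endswith("No File"):
        return ("low", "orphaned CLSID (registration left behind, file missing)")
    m = SYS32_DLL.search(rest)
    if kind in ("BHO", "SEH") and m:
        # Browser helper objects normally live under Program Files, not system32.
        return ("high", f"browser extension loaded from system32: {m.group(1)}")
    if kind in ("mRun", "uRun") and "rundll32" in rest.lower() and m:
        key = rest[rest.find("[") + 1:rest.find("]")]
        sev = "high" if key.isdigit() else "medium"  # numeric Run-key names look generated
        return (sev, f"rundll32 autorun [{key}] loading {m.group(1)}")
    if kind == "StartupFolder" and rest.lower().endswith((".bat", ".cmd", ".vbs", ".js")):
        script = rest.rsplit("\\", 1)[-1]
        return ("medium", f"script in Startup folder: {script}")
    return None

def triage(report):
    """Run triage_line over a whole report; returns [(entry type, severity, reason), ...]."""
    findings = []
    for line in report.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append((line.split(":", 1)[0], *hit))
    return findings
```

Calling `triage(SAMPLE)` flags six of the eight sample lines and leaves the Adobe BHO and the BitDefender Run entry alone; on a full log, feed it only the pseudo-HJT section, since the file listings would need different rules.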

TSF Security Manager, Emeritus
Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Bitdefender:

http://www.gsd.k12.ms.us/techdocs/disbd.htm

Please include the C:\ComboFix.txt in your next reply for further review.