Status
Not open for further replies.
1 - 3 of 3 Posts
Discussion Starter · #1 ·
A mate has a problem with his notebook; it'd just hang prior to login.
Managed to get into safe mode and install Spybot and updated AVG Free 8.0 with latest defs.
Scanned and stripped out 153 virus/mal/spy varieties.
Left with one it couldn't: file 'reader_s' and associated reg entries.
Sideline issues remained, like not being able to execute Task Manager in normal or safe mode.
Found reader_s will only pop up when internet is present; currently not plugged in, and wireless not enabled, and therefore not found by scans.

When booting into normal state: CCC.exe error ...00079 (ATI Catalyst).
Removed this app in an attempt to reinstall.
Another error occurred and it automatically shuts down: 'Service.exe error -1073741819.'
Also removed the ATI VGA drivers but still no joy.

Task Manager still won't start even if manually executed.
And here I am, as the only possible solution is to run the scans provided by your service and allow you to generously provide help to the needy.
I understand this is a variety of Virtumonde.

see attached


DDS (Ver_09-03-16.01) - FAT32x86 MINIMAL
Run by Administrator at 12:14:05.46 on Wed 22/04/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1919.1674 [GMT 12:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.asus.com
uURLSearchHooks: Yahoo!Xtra Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo!Xtra Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [SpybotDeletingB6277] command /c del "c:\program files\xppoliceantivirus\bdconf.cfg"
uRunOnce: [SpybotDeletingD8814] cmd /c del "c:\program files\xppoliceantivirus\bdconf.cfg"
uRunOnce: [SpybotDeletingB6299] command /c del "c:\program files\xppoliceantivirus\plugins\vb0.dat"
uRunOnce: [SpybotDeletingD9697] cmd /c del "c:\program files\xppoliceantivirus\plugins\vb0.dat"
uRunOnce: [SpybotDeletingB509] command /c del "c:\program files\xppoliceantivirus\plugins\vb1.dat"
uRunOnce: [SpybotDeletingD5052] cmd /c del "c:\program files\xppoliceantivirus\plugins\vb1.dat"
uRunOnce: [SpybotDeletingB3088] command /c del "c:\program files\xppoliceantivirus\plugins\vb2.dat"
uRunOnce: [SpybotDeletingD4684] cmd /c del "c:\program files\xppoliceantivirus\plugins\vb2.dat"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Wireless Console 2] "c:\program files\wireless console 2\wcourier.exe"
mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe
mRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [ACMON] "c:\program files\asus\splendid\ACMON.exe"
mRun: [PowerForPhone] "c:\program files\p4p\P4P.exe"
mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" update "software\cyberlink\powerproducer\4.0"
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [Motive SmartBridge] c:\progra~1\telstr~1\smartb~1\MotiveSB.exe
dRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mExplorerRun: [TXMouie] c:\windows\system32\keepSafe.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\j8ccsgcq.default\

============= SERVICES / DRIVERS ===============

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-14 325128]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-14 27656]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-14 107272]
S1 bkq6c6c;bkq6c6c;c:\windows\system32\drivers\bkq6c6c.sys --> c:\windows\system32\drivers\bkq6c6c.sys [?]
S1 eoo512b;eoo512b;c:\windows\system32\drivers\eoo512b.sys [2009-4-21 17376]
S1 ethfdhvv;ethfdhvv;c:\windows\system32\drivers\ethfdhvv.sys --> c:\windows\system32\drivers\ethfdhvv.sys [?]
S1 ethfkthm;ethfkthm;c:\windows\system32\drivers\ethfkthm.sys --> c:\windows\system32\drivers\ethfkthm.sys [?]
S1 ethftjce;ethftjce;c:\windows\system32\drivers\ethftjce.sys --> c:\windows\system32\drivers\ethftjce.sys [?]
S1 ethgccbw;ethgccbw;c:\windows\system32\drivers\ethgccbw.sys --> c:\windows\system32\drivers\ethgccbw.sys [?]
S1 ethozwga;ethozwga;c:\windows\system32\drivers\ethozwga.sys --> c:\windows\system32\drivers\ethozwga.sys [?]
S1 ethsgpwt;ethsgpwt;c:\windows\system32\drivers\ethsgpwt.sys --> c:\windows\system32\drivers\ethsgpwt.sys [?]
S1 lfr1d6c;lfr1d6c;c:\windows\system32\drivers\lfr1d6c.sys --> c:\windows\system32\drivers\lfr1d6c.sys [?]
S1 nddc1c3;nddc1c3;c:\windows\system32\drivers\nddc1c3.sys --> c:\windows\system32\drivers\nddc1c3.sys [?]
S1 sra1a27;sra1a27;c:\windows\system32\drivers\sra1a27.sys --> c:\windows\system32\drivers\sra1a27.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-14 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-14 298264]
S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l251x86.sys [2009-1-15 30208]
S3 enn5897;enn5897;c:\windows\system32\drivers\enn5897.sys --> c:\windows\system32\drivers\enn5897.sys [?]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
S3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\synmini.sys --> c:\windows\system32\drivers\SynMini.sys [?]
S3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\synscan.sys --> c:\windows\system32\drivers\SynScan.sys [?]
S3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-1-29 57344]

=============== Created Last 30 ================

2009-04-22 09:31 <DIR> --d----- c:\windows\LastGood.Tmp
2009-04-21 21:08 <DIR> --d----- c:\program files\Yahoo!
2009-04-21 21:08 <DIR> --d----- c:\program files\CCleaner
2009-04-21 21:04 17,376 a------- c:\windows\system32\drivers\eoo512b.sys
2009-04-21 21:04 80 a------- c:\windows\system32\6.tmp
2009-04-21 20:30 35,328 -------- c:\windows\system32\cnfmtbon.jwv
2009-04-21 20:30 80 a------- c:\windows\system32\5.tmp
2009-04-21 19:23 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-04-21 19:07 <DIR> --d----- c:\program files\SpeedFan
2009-04-21 19:07 45 a------- c:\windows\system32\initdebug.nfo
2009-04-21 19:06 35,328 -------- c:\windows\system32\jaieoaxs.yhf
2009-04-21 19:06 80 a------- c:\windows\system32\4.tmp
2009-04-21 14:54 244 a---h--- C:\sqmnoopt19.sqm
2009-04-21 14:54 232 a---h--- C:\sqmdata19.sqm
2009-04-21 14:54 244 a---h--- C:\sqmnoopt18.sqm
2009-04-21 14:54 232 a---h--- C:\sqmdata18.sqm
2009-04-21 14:51 268 a---h--- C:\sqmdata16.sqm
2009-04-21 14:51 244 a---h--- C:\sqmnoopt17.sqm
2009-04-21 14:51 244 a---h--- C:\sqmnoopt16.sqm
2009-04-21 14:51 232 a---h--- C:\sqmdata17.sqm
2009-04-21 14:51 268 a---h--- C:\sqmdata15.sqm
2009-04-21 14:51 244 a---h--- C:\sqmnoopt15.sqm
2009-04-21 14:51 268 a---h--- C:\sqmdata14.sqm
2009-04-21 14:51 244 a---h--- C:\sqmnoopt14.sqm
2009-04-21 14:51 268 a---h--- C:\sqmdata13.sqm
2009-04-21 14:51 244 a---h--- C:\sqmnoopt13.sqm
2009-04-21 14:46 244 a---h--- C:\sqmnoopt12.sqm
2009-04-21 14:46 232 a---h--- C:\sqmdata12.sqm
2009-04-21 14:46 244 a---h--- C:\sqmnoopt11.sqm
2009-04-21 14:46 232 a---h--- C:\sqmdata11.sqm
2009-04-21 14:46 244 a---h--- C:\sqmnoopt10.sqm
2009-04-21 14:46 232 a---h--- C:\sqmdata10.sqm
2009-04-21 14:46 244 a---h--- C:\sqmnoopt09.sqm
2009-04-21 14:46 232 a---h--- C:\sqmdata09.sqm
2009-04-21 14:39 244 a---h--- C:\sqmnoopt08.sqm
2009-04-21 14:39 232 a---h--- C:\sqmdata08.sqm
2009-04-21 14:39 244 a---h--- C:\sqmnoopt07.sqm
2009-04-21 14:39 232 a---h--- C:\sqmdata07.sqm
2009-04-21 14:39 244 a---h--- C:\sqmnoopt06.sqm
2009-04-21 14:39 244 a---h--- C:\sqmnoopt05.sqm
2009-04-21 14:39 232 a---h--- C:\sqmdata06.sqm
2009-04-21 14:39 232 a---h--- C:\sqmdata05.sqm
2009-04-21 14:36 244 a---h--- C:\sqmnoopt04.sqm
2009-04-21 14:36 232 a---h--- C:\sqmdata04.sqm
2009-04-21 14:36 244 a---h--- C:\sqmnoopt03.sqm
2009-04-21 14:36 232 a---h--- C:\sqmdata03.sqm
2009-04-21 14:12 244 a---h--- C:\sqmnoopt02.sqm
2009-04-21 14:12 232 a---h--- C:\sqmdata02.sqm
2009-04-21 14:12 244 a---h--- C:\sqmnoopt01.sqm
2009-04-21 14:12 232 a---h--- C:\sqmdata01.sqm
2009-04-21 14:08 80 a------- c:\windows\system32\3.tmp
2009-04-21 13:52 320 a------- c:\windows\wininit.ini
2009-04-21 13:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-21 13:03 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-21 12:54 80 a------- c:\windows\system32\2.tmp
2009-04-09 21:36 0 a------- c:\windows\system32\100.tmp
2009-04-09 21:36 154,112 a------- c:\windows\system32\FD.tmp
2009-04-09 21:36 124 a------- c:\windows\system32\FC.tmp
2009-03-27 20:13 7,552 a------- c:\windows\system32\drivers\SONYPVU1.SYS
2009-03-27 20:13 7,552 a------- c:\windows\system32\dllcache\sonypvu1.sys
2009-03-27 20:00 5,632 a------- c:\windows\system32\ptpusb.dll
2009-03-27 20:00 159,232 a------- c:\windows\system32\ptpusd.dll
2009-03-27 20:00 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-03-27 20:00 15,104 a------- c:\windows\system32\dllcache\usbscan.sys

==================== Find3M ====================

2009-04-21 14:10 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-04-21 14:08 90,112 a------- c:\windows\DUMP473a.tmp
2009-03-22 02:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-02-18 19:07 65,536 a------- c:\windows\system32\acovcnt.exe
2009-02-10 16:18 1,370 a------- c:\program files\DOWNLOAD_INSTALL.LOG
2009-02-10 00:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-10 00:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-10 00:11 155,995 a------- c:\windows\java\packages\E3RVJDNN.ZIP
2009-02-10 00:11 2,232 a------- c:\windows\java\packages\data\TFX3VBZ5.DAT
2009-02-10 00:11 2,678 a------- c:\windows\java\packages\data\6H7VLV7N.DAT
2009-02-10 00:11 2,678 a------- c:\windows\java\packages\data\MFHZ1VLB.DAT
2009-02-10 00:11 2,678 a------- c:\windows\java\packages\data\JLJPV1RJ.DAT
2009-02-10 00:11 2,678 a------- c:\windows\java\packages\data\FJ5NHBNJ.DAT
2009-02-10 00:11 2,678 a------- c:\windows\java\packages\data\B7ZLNJF3.DAT
2009-02-04 07:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-04 07:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-01-29 14:25 10,520 a------- c:\windows\system32\avgrsstx.dll

============= FINISH: 12:14:58.25 ===============
Hello and welcome to TSF.

I apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please post a fresh DDS log and a new GMER log as described in this topic. In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don’t hear from you in three days this thread will be closed.

With Regards,
Extremeboy