TechSpot

Trojan Horse Crypt.aqlw

Inactive
By JoshChe
Apr 19, 2012
Topic Status:
Not open for further replies.
  1. Hi, AVG keeps coming up with infected .dll files, executables and others. I've run AVG and Avast scans to no avail. I keep seeing this "trojan horse crypt.aqlw" coming up. If anyone has some time to help, I would greatly appreciate it. Here are the log files from the 5 step instructions sticky:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.19.06

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    josh :: JOSH-PC [administrator]

    20/04/2012 1:07:59 PM
    mbam-log-2012-04-20 (13-07-59).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 182488
    Time elapsed: 5 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 3
    HKCU\SOFTWARE\65MWRMP54G (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    (end)
     
  2. JoshChe

    JoshChe TS Rookie Topic Starter

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-04-20 13:19:42
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD2500BEVS-60UST0 rev.01.01A01
    Running: Gmer.exe; Driver: C:\Users\josh\AppData\Local\Temp\kxldypow.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E751F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 84E751F8
    Device \Driver\atapi \Device\Ide\IdePort0 84E751F8
    Device \Driver\atapi \Device\Ide\IdePort1 84E751F8
    Device \Driver\atapi \Device\Ide\IdePort2 84E751F8
    Device \Driver\atapi \Device\Ide\IdePort3 84E751F8
    Device \Driver\atapi \Device\Ide\IdePort4 84E751F8
    Device \Driver\msahci \Device\Ide\PciIde1Channel0 84E761F8
    Device \Driver\msahci \Device\Ide\PciIde1Channel1 84E761F8
    Device \Driver\msahci \Device\Ide\PciIde1Channel2 84E761F8
    Device \Driver\a7x2r69z \Device\Scsi\a7x2r69z1 8600D1F8
    Device \FileSystem\Ntfs \Ntfs 84E781F8
    Device \FileSystem\fastfat \Fat 93EE91F8

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  3. JoshChe

    JoshChe TS Rookie Topic Starter

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by josh at 13:34:37 on 2012-04-20
    Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.2046.974 [GMT 10:00]
    .
    AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Users\josh\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.au/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [Google Update] "c:\users\josh\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 203.161.169.200 8.8.8.8
    TCP: Interfaces\{A86C40FD-E9CC-4337-B944-7624C60B6BE3} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{BC37C831-F33B-4EC1-BC1D-018B1088CA9C} : DhcpNameServer = 203.161.169.200 8.8.8.8
    TCP: Interfaces\{BC37C831-F33B-4EC1-BC1D-018B1088CA9C}\2456C6B696E6F574F505C65737F5D494D4F4F5833493440364 : DhcpNameServer = 192.168.2.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    AppInit_DLLs: avgrsstx.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-8-28 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-28 216400]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-28 29712]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-28 243152]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-29 308136]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-27 1343400]
    S4 NVDCPservice;Neevia Document Converter Pro COM object;c:\program files\neevia.com\docconverterpro\comobjs\dcCOM.dll [2011-11-9 380312]
    S4 oldDCPservice;Neevia Document Converter Pro old COM object;c:\program files\neevia.com\docconverterpro\comobjs\old\docConverter.dll [2011-11-9 325024]
    .
    =============== Created Last 30 ================
    .
    2012-04-20 03:07:16  --------  d-----w-  c:\users\josh\appdata\roaming\Malwarebytes
    2012-04-20 03:07:11  --------  d-----w-  c:\programdata\Malwarebytes
    2012-04-20 03:07:10  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-04-20 03:07:09  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
    2012-04-20 02:51:04  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-04-20 02:00:37  --------  d-----w-  c:\programdata\AVAST Software
    2012-04-20 02:00:37  --------  d-----w-  c:\program files\AVAST Software
    2012-04-16 05:47:09  --------  d-----w-  C:\c81fbdf6c4f08a9400
    2012-04-16 05:46:57  5120  ----a-w-  c:\windows\system32\wmi.dll
    2012-04-16 05:46:57  19824  ----a-w-  c:\windows\system32\drivers\fs_rec.sys
    2012-04-16 05:46:57  172544  ----a-w-  c:\windows\system32\wintrust.dll
    2012-04-16 05:46:57  159232  ----a-w-  c:\windows\system32\imagehlp.dll
    2012-04-16 05:46:40  3968368  ----a-w-  c:\windows\system32\ntkrnlpa.exe
    2012-04-16 05:46:40  3913072  ----a-w-  c:\windows\system32\ntoskrnl.exe
    2012-04-11 07:07:02  --------  d-----w-  c:\users\josh\appdata\roaming\QuickScan
    2012-04-06 23:46:16  0  --sha-w-  c:\windows\system32\dds_trash_log.cmd
    2012-04-06 23:38:37  --------  d-----w-  c:\program files\Doremisoft
    2012-04-06 23:34:32  --------  d-----w-  c:\programdata\Emicsoft Studio
    2012-04-06 23:34:21  --------  d-----w-  c:\program files\Emicsoft Studio
    .
    ==================== Find3M ====================
    .
    2012-04-20 02:52:18  388096  ----a-w-  c:\windows\system32\drivers\csc.sys
    2012-02-17 05:34:22  826880  ----a-w-  c:\windows\system32\rdpcore.dll
    2012-02-17 04:14:08  183808  ----a-w-  c:\windows\system32\drivers\rdpwd.sys
    2012-02-17 04:13:22  24576  ----a-w-  c:\windows\system32\drivers\tdtcp.sys
    2012-02-10 05:38:43  1077248  ----a-w-  c:\windows\system32\DWrite.dll
    2012-02-07 01:02:40  1070352  ----a-w-  c:\windows\system32\MSCOMCTL.OCX
    2012-02-03 03:54:27  2343424  ----a-w-  c:\windows\system32\win32k.sys
    2012-01-25 05:32:35  58880  ----a-w-  c:\windows\system32\rdpwsx.dll
    2012-01-25 05:32:34  129536  ----a-w-  c:\windows\system32\rdpcorekmts.dll
    2012-01-25 05:27:51  8192  ----a-w-  c:\windows\system32\rdrmemptylst.exe
    .
    ============= FINISH: 13:34:53.89 ===============
     
  4. JoshChe

    JoshChe TS Rookie Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 26/08/2010 10:38:26 PM
    System Uptime: 20/04/2012 1:04:57 PM (0 hours ago)
    .
    Motherboard: Quanta | | 30D2
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | U2E1 | 2000/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 131.083 GiB free.
    D: is FIXED (NTFS) - 0 GiB total, 0.059 GiB free.
    E: is CDROM ()
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C7200 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C7200 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart B110 series
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: HP
    Name: Photosmart B110 series
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30CC103C&REV_12\4&1D9D6A4A&0&4AF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30CC103C&REV_12\4&1D9D6A4A&0&4AF0
    Service:
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30CC103C&REV_12\4&1D9D6A4A&0&4BF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30CC103C&REV_12\4&1D9D6A4A&0&4BF0
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.2)
    Adobe Shockwave Player 11.5
    Audacity 1.2.6
    AVG 9.0
    B110
    Birdie EML to PDF Converter
    BufferChm
    CCleaner
    Destinations
    DeviceDiscovery
    DivX Setup
    Document Converter Pro v6.0
    DVD Shrink 3.2
    DVDFab 7.0.3.0 (26/03/2010)
    e-tax 2011
    Foxit Reader
    FreeSpace 2
    Gemini Rue Demo version 1.0
    Google Chrome
    HP Imaging Device Functions 14.0
    HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
    HPAppStudio
    HPPhotoGadget
    ImgBurn
    Incinerations version 1.0
    Java Auto Updater
    Java(TM) 6 Update 29
    K-Lite Codec Pack 7.6.0 (Standard)
    Kernel EML Viewer ver 11.05.01
    Logitech Harmony Remote Software
    Malwarebytes Anti-Malware version 1.61.0.1400
    MessageViewer Lite
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OpenAL
    Outlook Express Attachment Extractor 1.62
    PowerISO
    PS_AIO_07_B110_SW_Min
    PVSonyDll
    QT Lite 3.1.0
    QuickTransfer
    Realtek High Definition Audio Driver
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Space Quest 2 VGA 1.1
    Status
    Synaptics Pointing Device Driver
    Toolbox
    TrayApp
    TVersity Codec Pack 1.7
    TVersity Media Server 1.9.7
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.1.9
    VOB2MPG v3
    Vohaul Strikes Back version 1.0.3.0
    Vuze
    WebReg
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinRAR archiver
    wxLauncher
    Xiph.Org Open Codecs 0.85.17777
    Yahoo! Detect
    YouTube Downloader 3.5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    20/04/2012 12:45:06 PM, Error: Service Control Manager [7023] - The Ndasscsi service terminated with the following error: Access is denied.
    20/04/2012 12:44:24 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
    20/04/2012 12:44:07 PM, Error: Service Control Manager [7023] - The Db2licd service terminated with the following error: Access is denied.
    20/04/2012 12:43:54 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    20/04/2012 12:43:54 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    20/04/2012 12:43:18 PM, Error: Service Control Manager [7023] - The Dktknsrv service terminated with the following error: Access is denied.
    20/04/2012 12:43:17 PM, Error: Service Control Manager [7023] - The VAIOMediaPlatform-MusicServer-HTTP service terminated with the following error: Access is denied.
    20/04/2012 12:43:17 PM, Error: Service Control Manager [7023] - The Pwd_2K service terminated with the following error: Access is denied.
    20/04/2012 12:41:28 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    20/04/2012 12:01:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    20/04/2012 11:52:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    20/04/2012 11:52:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    20/04/2012 11:51:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    20/04/2012 11:51:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    20/04/2012 11:50:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    20/04/2012 11:50:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    20/04/2012 11:50:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    20/04/2012 11:50:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    20/04/2012 11:50:37 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr sptd tdx Wanarpv6 WfpLwf
    20/04/2012 11:50:37 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    20/04/2012 11:50:37 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    20/04/2012 11:50:37 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    20/04/2012 11:50:37 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    20/04/2012 11:50:37 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    20/04/2012 11:50:37 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    20/04/2012 11:50:37 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    20/04/2012 11:50:37 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    20/04/2012 11:50:37 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    20/04/2012 11:50:37 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    20/04/2012 11:49:56 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    20/04/2012 11:47:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IntuitUpdateService service to connect.
    20/04/2012 1:15:59 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    20/04/2012 1:05:49 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    20/04/2012 1:05:30 PM, Error: Service Control Manager [7023] - The USB_RNDIS service terminated with the following error: The specified module could not be found.
    20/04/2012 1:05:30 PM, Error: Service Control Manager [7023] - The Snare service terminated with the following error: The specified module could not be found.
    20/04/2012 1:05:30 PM, Error: Service Control Manager [7023] - The SE26mdfl service terminated with the following error: The specified module could not be found.
    20/04/2012 1:05:30 PM, Error: Service Control Manager [7023] - The Ndisip service terminated with the following error: The specified module could not be found.
    20/04/2012 1:05:30 PM, Error: Service Control Manager [7023] - The MREMP50a64 service terminated with the following error: The specified module could not be found.
    20/04/2012 1:05:30 PM, Error: Service Control Manager [7023] - The MA8032M service terminated with the following error: The specified module could not be found.
    20/04/2012 1:05:30 PM, Error: Service Control Manager [7023] - The Hsf_dp service terminated with the following error: The specified module could not be found.
    20/04/2012 1:05:30 PM, Error: Service Control Manager [7023] - The EPSON_EB_RPCV4_01 service terminated with the following error: The specified module could not be found.
    20/04/2012 1:05:30 PM, Error: Service Control Manager [7023] - The Db2licd service terminated with the following error: The specified module could not be found.
    20/04/2012 1:05:30 PM, Error: Service Control Manager [7023] - The Cwafnotesservice service terminated with the following error: The specified module could not be found.
    20/04/2012 1:05:30 PM, Error: Service Control Manager [7023] - The Cpucoolserver service terminated with the following error: The specified module could not be found.
    20/04/2012 1:05:30 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    20/04/2012 1:05:30 PM, Error: Service Control Manager [7023] - The Clientservice service terminated with the following error: The specified module could not be found.
    20/04/2012 1:05:30 PM, Error: Service Control Manager [7023] - The Apphostsvc service terminated with the following error: The specified module could not be found.
    20/04/2012 1:05:30 PM, Error: Service Control Manager [7023] - The Agpcpq service terminated with the following error: The specified module could not be found.
    20/04/2012 1:05:30 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    20/04/2012 1:05:30 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    16/04/2012 4:07:27 PM, Error: Service Control Manager [7023] - The S125mdfl service terminated with the following error: The specified module could not be found.
    .
    ==== End Of File ===========================
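
The Service Control Manager entries at the end of this log (event 7023 "The specified module could not be found", and 7003 for a dependency on BFE) are the kind of thing a helper scans for before cleanup: a 7023 with that error means a service is still registered but its executable or DLL can no longer be loaded, which is typical of a quarantined driver or an incompletely uninstalled product. The following is an added example, not part of the poster's log or of any tool named in this thread. It parses event lines in the export format shown above and groups them into the buckets a responder would want to see (missing module, not installed, unmet dependency). The sample lines embedded in it are constructed from the same format for illustration; the regular expressions, function names and bucket labels are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the same export format as the log above
# (illustrative, not the poster's full log).
SAMPLE_LOG = """\
20/04/2012 1:05:30 PM, Error: Service Control Manager [7023] - The MA8032M service terminated with the following error: The specified module could not be found.
20/04/2012 1:05:30 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
20/04/2012 1:05:30 PM, Error: Service Control Manager [7023] - The Apphostsvc service terminated with the following error: The specified module could not be found.
20/04/2012 1:05:30 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
20/04/2012 1:05:30 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
16/04/2012 4:07:27 PM, Error: Service Control Manager [7023] - The S125mdfl service terminated with the following error: The specified module could not be found.
"""

# One exported event line: "<timestamp>, <level>: <source> [<id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
# Event 7023 message body (service name is non-greedy so multi-word names work).
TERM_RE = re.compile(r"^The (?P<svc>.+?) service terminated with the following error: (?P<err>.+)$")
# Event 7003 message body; Windows emits "depends the following service" without "on".
DEP_RE = re.compile(r"^The (?P<svc>.+?) service depends (?:on )?the following service: (?P<dep>[^.]+)\.")

MISSING_MODULE = "The specified module could not be found"
NOT_INSTALLED = "The specified service does not exist as an installed service"


def parse_scm_events(text):
    """Return a list of dicts for every Service Control Manager line in `text`."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group("source").strip() != "Service Control Manager":
            continue  # not an SCM line; other sources are out of scope here
        ev = {"ts": m.group("ts"), "event_id": int(m.group("event_id")), "msg": m.group("msg")}
        if ev["event_id"] == 7023:
            t = TERM_RE.match(ev["msg"])
            if t:
                ev["service"] = t.group("svc")
                ev["error"] = t.group("err").rstrip(".")
        elif ev["event_id"] == 7003:
            d = DEP_RE.match(ev["msg"])
            if d:
                ev["service"] = d.group("svc")
                ev["depends_on"] = d.group("dep")
        events.append(ev)
    return events


def triage(events):
    """Group parsed SCM events into the buckets worth reviewing before cleanup."""
    report = {
        "missing_module": set(),            # registered, but binary/DLL is gone
        "not_installed": set(),             # referenced, but no longer registered
        "unmet_dependency": defaultdict(set),  # dependency -> services blocked by it
        "other": [],
    }
    for ev in events:
        if ev["event_id"] == 7023 and "service" in ev:
            if ev["error"] == MISSING_MODULE:
                report["missing_module"].add(ev["service"])
            elif ev["error"] == NOT_INSTALLED:
                report["not_installed"].add(ev["service"])
            else:
                report["other"].append(ev)
        elif ev["event_id"] == 7003 and "service" in ev:
            report["unmet_dependency"][ev["depends_on"]].add(ev["service"])
        else:
            report["other"].append(ev)
    return report


def summarize(report):
    """Render the triage report as plain lines (what a helper would paste back)."""
    lines = []
    for svc in sorted(report["missing_module"]):
        lines.append(f"orphaned registration (module missing): {svc}")
    for svc in sorted(report["not_installed"]):
        lines.append(f"referenced but not installed: {svc}")
    for dep, svcs in sorted(report["unmet_dependency"].items()):
        lines.append(f"dependency {dep} missing; blocks: {', '.join(sorted(svcs))}")
    return lines


if __name__ == "__main__":
    for line in summarize(triage(parse_scm_events(SAMPLE_LOG))):
        print(line)
```

Run against the full exported log instead of `SAMPLE_LOG` and the "orphaned registration" list is the set of service names whose registry entries point at files that no longer exist; those are the entries a helper would want to inspect (and, if they are remnants, remove) rather than leave behind after the scan tools have quarantined the files.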
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Good Morning! I'll be glad to help with the malware. While I review these logs, you can go ahead and run the following as I see some entries that will need removing.
    I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Microsoft Security Essentials
    Comodo AV
    Avast! Free Antivirus
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ==================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
    =================================================
    Please leave the logs in your next reply, Include description on any problem you are having with the system that may be related.
     