Hello,
I think I saw another thread in this forum detailing a similar problem, but since I don't seem to have posting rights there I decided to create a thread of my own. Logs from two programs were asked for in that thread, so I've attempted to have them available before posting. The "aswMBR" log file is provided below, but sadly I wasn't able to get "BTKR_RunBox" to run. After it downloads the files it needs I am prompted to press any key, and when I do so it downloads again and prompts me to press any key; this continues endlessly.
The symptoms of my problem: AVG Free anti-virus continues to identify and remove files which are classified as "Trojan Horse Crypt.AQLW" from time to time. The names of the files vary, but most are detected in the "Windows\system32\" directory. Other than that my system is currently operational, although it occasionally appears to be slowed down. I'd appreciate help with the issue before it gets any worse.
The "aswMBR" log:
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-25 23:10:34
-----------------------------
23:10:34.937 OS Version: Windows 5.1.2600 Service Pack 3
23:10:34.937 Number of processors: 2 586 0x207
23:10:34.937 ComputerName: MAX UserName: Ma
23:10:36.515 Initialize success
23:13:10.015 AVAST engine defs: 12022502
23:13:19.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:13:19.984 Disk 0 Vendor: ST3120022A 3.06 Size: 114473MB BusType: 3
23:13:20.015 Disk 0 MBR read successfully
23:13:20.015 Disk 0 MBR scan
23:13:20.062 Disk 0 Windows XP default MBR code
23:13:20.062 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 94460 MB offset 63
23:13:20.078 Disk 0 Partition - 00 0F Extended LBA 20010 MB offset 193454730
23:13:20.093 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 20010 MB offset 193454793
23:13:20.093 Disk 0 scanning sectors +234436545
23:13:20.156 Disk 0 scanning D:\WINDOWS\system32\drivers
23:13:33.656 Service scanning
23:13:49.046 Service sptd D:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
23:13:53.640 Modules scanning
23:13:59.734 Module: D:\WINDOWS\system32\DRIVERS\avgtdix.sys **SUSPICIOUS**
23:14:03.937 Disk 0 trace - called modules:
23:14:03.984 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88fcbfd0]<<
23:14:03.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8987dab8]
23:14:03.984 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x896f2030]
23:14:04.000 \Driver\00001709[0x89673d78] -> IRP_MJ_CREATE -> 0x88fcbfd0
23:14:04.765 AVAST engine scan D:\WINDOWS
23:14:15.281 AVAST engine scan D:\WINDOWS\system32
23:18:23.578 AVAST engine scan D:\WINDOWS\system32\drivers
23:18:40.640 AVAST engine scan D:\Documents and Settings\Ma
23:20:05.750 File: D:\Documents and Settings\Ma\Application Data\Sun\Java\Deployment\cache\6.0\2\445a18c2-73985bae **INFECTED** Win32:Small-HTWP [Trj]
23:20:07.046 File: D:\Documents and Settings\Ma\Application Data\Sun\Java\Deployment\cache\6.0\56\25654438-5fc9088b **INFECTED** Win32:Downloader-MRZ [Trj]
23:25:00.062 AVAST engine scan D:\Documents and Settings\All Users
23:27:17.531 Scan finished successfully
23:28:14.734 Disk 0 MBR has been saved successfully to "D:\Documents and Settings\Ma\Desktop\MBR.dat"
23:28:14.734 The log file has been saved successfully to "D:\Documents and Settings\Ma\Desktop\aswMBR.txt"