My first run in with a trojan/virus i cant easily heal

beaner_bimmer · 23-Jul-2009, 10:49 PM #1

My external HD has a trojan/virus combo my AVG reports. It cant heal it and it points to a directory that doesn't seem to exist. My computer seems fine but has a problem here and there when accessing certain directories. Blue screen, crash, repeat. I'm seeking help so I dont have to format the HD, and also because the AVG report was kinda unnerving. Oh, and it knows how to kill my vsmon.exe (zonealarm)

########################
Avg 8.5.375 virus 270.13.26/2257#
##############################################
"F:\RECYCLER\S-1-5-21-1123561945-1547161642-1177238915-1003\"Trojan horse Agent2.DXZ.dropper";"Infected"
"F:\RECYCLER\S-1-5-21-1123561945-1547161642-1177238915-1003\"Trojan horse Agent2.DXZ.dropper";"Infected"
"F:\RECYCLER\S-1-5-21-1123561945-1547161642-1177238915-1003
\"May be infected by unknown virus Win32/DH.1";"Infected"
"F:\RECYCLER\S-1-5-21-1123561945-1547161642-1177238915-1003\"Trojan horse IRC/BackDoor.SdBot4.EMB";"Infected"
"F:\RECYCLER\S-1-5-21-1123561945-1547161642-1177238915-1003\"Trojan horse IRC/BackDoor.SdBot4.EMB";"Infected"
"F:\RECYCLER\S-1-5-21-1123561945-1547161642-1177238915-1003
\"May be infected by unknown virus Win32/DH.1";"Infected"
"F:\RECYCLER\S-1-5-21-1123561945-1547161642-1177238915-1003
\"May be infected by unknown virus Win32/DH.1";"Infected"
"F:\RECYCLER\S-1-5-21-1123561945-1547161642-1177238915-1003\"Trojan horse IRC/BackDoor.SdBot4.EMB";"Infected"
-shortened for space-
##############################################

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:53 PM, on 7/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\nero\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\nero\InCD\InCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ConvertX\3\ConvertXtoDvd.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\nero\InCD\InCD.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase1140.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13176DDB-0665-4C89-98CF-F4413DB1D9F1}: NameServer = 216.109.194.2,216.109.194.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{13176DDB-0665-4C89-98CF-F4413DB1D9F1}: NameServer = 216.109.194.2,216.109.194.3
O17 - HKLM\System\CS3\Services\Tcpip\..\{13176DDB-0665-4C89-98CF-F4413DB1D9F1}: NameServer = 216.109.194.2,216.109.194.3
O17 - HKLM\System\CS4\Services\Tcpip\..\{13176DDB-0665-4C89-98CF-F4413DB1D9F1}: NameServer = 216.109.194.2,216.109.194.3
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BitComet AntiARP - Unknown owner - C:\Program Files\BitCometAntiARP\BitCometAntiARP.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\nero\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5746 bytes
######################################

I included the HiJack log but dont see an issue myself. My system is stable and i haven't accessed whatever trips the problem. Iv'e installed kaspersky and it conflicts with avg, zonealarm and something else; Iv'e uninstalled it.

And is multiple svchost's normal? Any and all help appreciated.

Tag Cloud
access acer asus bios bsod computer crash desktop driver drivers error ethernet excel freeze gaming graphics hard drive hardware hdmi internet laptop lcd malware memory monitor motherboard network operating system printer problem ram registry router slow software sound trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for:

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!