
Avast says it deleted a malware but..

Discussion in 'Virus & Other Malware Removal' started by pikachux3, Oct 16, 2009.

  1. pikachux3

    pikachux3 Thread Starter

    Joined:
    Oct 15, 2009
    Messages:
    3
    My computer performance seems slower and there are pop-ups sometimes, occasionally when my browser is off. What do I do? Thanks.
     
  2. sjpritch25

    sjpritch25 Malware Specialist

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Welcome to TSG :)

    We need to see some additional information about what is happening in your machine.
    Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.
    • When done, DDS will open two (2) logs
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    • The instructions here ask you to attach the Attach.txt.
    • Instead of attaching, please copy/paste both logs into your next reply.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE

    ============================================================================

    Download GMER Antirootkit Here, click on Download EXE and save to your Desktop

    • Disconnect from the internet and disable all active protection so your security program drivers will not conflict with gmer's driver
    • Double-click Gmer.exe to run the program.
    • When the program opens, click the "Rootkit" Tab
    • On the right-side, check all the items to be scanned, but leave "Show All" unchecked
    • Select all drives that are connected to your system to be scanned
    • Click the Scan button
    • When the scan is finished, click Copy to save the scan log to the Windows clipboard
    • Open Notepad or a similar text editor
    • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V
    • Save the gmer scan log and post it in your next reply.
    • Close Gmer
    • Open a command prompt (Start | run |type cmd and hit Enter)
      • Type or paste the following to unload the gmer driver:
      • net stop gmer
      • Hit Enter
      • Exit the command prompt.
    • Re-enable all active protection.
     
  3. pikachux3

    pikachux3 Thread Starter

    Joined:
    Oct 15, 2009
    Messages:
    3
    Sorry about the response time, I was busy, but here it is.

    Attach

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-10-13.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/5/2006 12:28:58 AM
    System Uptime: 10/20/2009 9:07:34 PM (0 hours ago)

    Motherboard: | | SiS-661
    Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Socket 775 | 2673/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 20 GiB total, 6.15 GiB free.
    D: is FIXED (NTFS) - 129 GiB total, 126.109 GiB free.
    E: is CDROM ()
    F: is FIXED (NTFS) - 38 GiB total, 27.068 GiB free.
    G: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia 5130c-2
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 5130c-2
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    ==== System Restore Points ===================

    RP315: 8/31/2009 3:56:26 PM - System Checkpoint
    RP316: 9/3/2009 8:12:02 PM - System Checkpoint
    RP317: 9/3/2009 9:20:04 PM - Software Distribution Service 3.0
    RP318: 9/6/2009 12:44:49 PM - System Checkpoint
    RP319: 9/7/2009 5:27:20 PM - System Checkpoint
    RP320: 9/8/2009 4:50:24 PM - Software Distribution Service 3.0
    RP321: 9/9/2009 7:55:43 PM - System Checkpoint
    RP322: 9/12/2009 5:34:58 PM - System Checkpoint
    RP323: 9/13/2009 6:06:38 PM - System Checkpoint
    RP324: 9/15/2009 9:14:43 PM - System Checkpoint
    RP325: 9/16/2009 10:54:40 PM - System Checkpoint
    RP326: 9/20/2009 12:16:01 AM - System Checkpoint
    RP327: 9/25/2009 12:29:07 AM - System Checkpoint
    RP328: 9/26/2009 10:30:08 AM - System Checkpoint
    RP329: 9/30/2009 10:48:14 PM - Installed Windows XP Wdf01007.
    RP330: 9/30/2009 10:49:07 PM - Installed Windows XP Wudf01007.
    RP331: 9/30/2009 11:14:58 PM - Removed Nokia Music.
    RP332: 10/1/2009 11:29:19 PM - System Checkpoint
    RP333: 10/4/2009 3:27:26 PM - System Checkpoint
    RP334: 10/5/2009 7:30:49 PM - System Checkpoint
    RP335: 10/8/2009 7:25:23 PM - System Checkpoint
    RP336: 10/10/2009 6:44:49 PM - System Checkpoint
    RP337: 10/14/2009 9:06:01 AM - System Checkpoint
    RP338: 10/14/2009 10:02:04 PM - Software Distribution Service 3.0
    RP339: 10/15/2009 10:01:07 PM - Software Distribution Service 3.0
    RP340: 10/18/2009 9:37:02 PM - System Checkpoint
    RP341: 10/20/2009 6:46:42 PM - System Checkpoint

    ==== Installed Programs ======================

    2Wire Wireless Client
    Acrobat.com
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Adobe Shockwave Player
    Advanced SystemCare 3
    AnyDVD
    AoA Audio Extractor 1.0
    AutoUpdate
    avast! Antivirus
    BS.Player FREE
    BufferChm
    CCleaner (remove only)
    D1400
    DeviceDiscovery
    DeviceManagementQFolder
    DivX Codec
    DivX Version Checker
    dj_sf_software
    dj_sf_software_req
    DVD Flick 1.3.0.6
    eSupportQFolder
    Free Ram Optimizer XP 1.0
    GIMP 2.6.6
    Hamachi 1.0.3.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    HP Deskjet Printer Driver Software 9.0
    HP Imaging Device Functions 9.0
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Print Diagnostic Utility
    HP Smart Web Printing
    HP Solution Center 9.0
    HP USB Multimedia Keyboard Driver V1.2
    HPProductAssistant
    ImgBurn
    Java(TM) 6 Update 15
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
    Microsoft User-Mode Driver Framework Feature Pack 1.7
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.5.3)
    MSVC80_x86
    MSXML 4.0 SP2 (KB954430)
    Nokia Connectivity Cable Driver
    Nokia Multimedia Common Components 2.4
    Nokia PC Suite
    OpenOffice.org 3.0
    PanoStandAlone
    PC Connectivity Solution
    PSSWCORE
    QuickTime
    Realtek AC'97 Audio
    Samsung USB Driver
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Smart Defrag 1.20
    Software Informer 1.0 BETA
    SolutionCenter
    Status
    StepMania (remove only)
    StepMania 4 alpha 4 (remove only)
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB968389)
    VC80CRTRedist - 8.0.50727.762
    Ventrilo Client
    Veoh Web Player
    VideoToolkit01
    Viewpoint Media Player
    WC3Banlist
    WebReg
    Winamp
    Windows Driver Package - Nokia Modem (06/01/2009 4.1)
    Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Movie Maker 2.0
    Windows XP Service Pack 3
    WinPcap 4.0.2
    WinRAR archiver
    Xfire (remove only)
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    10/20/2009 9:08:48 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.
    10/20/2009 9:08:48 PM, error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
    10/20/2009 9:08:48 PM, error: Service Control Manager [7001] - The Message Queuing service depends on the NT LM Security Support Provider service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    ==== End Of File ===========================


    DDS


    DDS (Ver_09-10-13.01) - NTFSx86
    Run by Chac at 21:44:22.48 on Tue 10/20/2009
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.478.92 [GMT -7:00]

    AV: avast! antivirus 4.8.1351 [VPS 091020-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
    C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Chac\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://yahoo.sbc.com/dsl
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
    BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: XML module: {500bca15-57a7-4eaf-8143-8c619470b13d} - XML Class
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {463DF6D5-BEC1-4D67-B217-59DB692DFC53} - No File
    TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    EB: {08FCF7E3-5F7D-444E-8554-76A516EB3C6C} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Free Ram Optimizer] c:\program files\acelogix\free ram optimizer\fro.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
    uRun: [New Value #1] "c:\program files\hp\digital imaging\bin\hpqtra08.exe"
    mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    mRun: [SiSRaid] c:\program files\silicon integrated systems\sisraidpackage\SRaid.exe
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
    mRun: [BtcMaestro] "c:\program files\hp usb multimedia keyboard\KMaestro.exe"
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276}
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146329535234
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - hxxp://www.clickteam.com/vitalize3/vitalize.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 nwprovau

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\chac\applic~1\mozilla\firefox\profiles\0f3dfl1p.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - plugin: c:\documents and settings\chac\application data\mozilla\firefox\profiles\0f3dfl1p.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 16000
    FF - user.js: browser.chrome.favicons - fales
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 4095
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 1000000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: dom.disable_window_status_change - true
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 1000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-7 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-7 20560]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-3 24652]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

    =============== Created Last 30 ================

    2009-10-16 21:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
    2009-10-10 19:31 166,400 a------- c:\windows\msa.exe
    2009-09-30 23:06 <DIR> --d----- c:\windows\Globalization
    2009-09-30 23:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NokiaMusic
    2009-09-30 22:49 0 a---h--- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
    2009-09-30 22:49 0 a---h--- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
    2009-09-30 22:48 26,112 ac------ c:\windows\system32\dllcache\usbser.sys
    2009-09-30 22:48 26,112 a------- c:\windows\system32\drivers\usbser.sys
    2009-09-30 22:48 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2009-09-30 22:48 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2009-09-30 22:48 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
    2009-09-30 22:46 <DIR> --d----- c:\program files\common files\PCSuite
    2009-09-30 22:46 <DIR> --d----- c:\program files\common files\Nokia
    2009-09-30 22:45 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
    2009-09-30 22:45 <DIR> --d----- c:\program files\PC Connectivity Solution
    2009-09-30 22:45 7,808 a------- c:\windows\system32\drivers\usbser_lowerfltj.sys
    2009-09-30 22:45 7,808 a------- c:\windows\system32\drivers\usbser_lowerflt.sys
    2009-09-30 22:45 22,016 a------- c:\windows\system32\drivers\ccdcmbo.sys
    2009-09-30 22:45 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
    2009-09-30 22:45 659,968 a------- c:\windows\system32\nmwcdcocls.dll
    2009-09-30 22:45 17,664 a------- c:\windows\system32\drivers\ccdcmb.sys
    2009-09-30 22:45 91,136 a------- c:\windows\system32\nmwcdcls.dll
    2009-09-30 22:45 <DIR> --d----- c:\program files\Nokia

    ==================== Find3M ====================

    2009-09-24 22:37 667,136 a------- c:\windows\system32\wininet.dll
    2009-09-24 22:37 81,920 -------- c:\windows\system32\ieencode.dll
    2009-09-11 07:18 136,192 a------- c:\windows\system32\msv1_0.dll
    2009-09-10 17:01 41,872 a------- c:\windows\system32\xfcodec.dll
    2009-09-04 14:03 58,880 a------- c:\windows\system32\msasn1.dll
    2009-08-26 01:00 247,326 -------- c:\windows\system32\strmdll.dll
    2009-08-12 15:32 137,538 a------- c:\windows\HPHins15.dat
    2009-08-05 02:01 204,800 -------- c:\windows\system32\mswebdvd.dll
    2009-08-04 20:44 2,189,184 -------- c:\windows\system32\ntoskrnl.exe
    2009-08-04 07:20 2,066,048 -------- c:\windows\system32\ntkrnlpa.exe
    2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll

    ============= FINISH: 21:44:57.78 ===============

    GMER LOG

    GMER 1.0.15.15163 - http://www.gmer.net
    Rootkit scan 2009-10-20 22:04:26
    Windows 5.1.2600 Service Pack 3
    Running: 83yl0o31.exe; Driver: C:\DOCUME~1\Chac\LOCALS~1\Temp\pftiypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB7D686B8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB7D68574]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB7D68A52]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB7D6814C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB7D6864E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB7D6808C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB7D680F0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB7D6876E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB7D6872E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB7D688AE]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A0A078D3-8833-3DAB-93B8-67CE9989FC05}

    ---- EOF - GMER 1.0.15 ----


    When I typed in "net stop gmer" it said: System Error 1060 has occurred. The specified service does not exist as an installed service.
     
  4. sjpritch25

    sjpritch25 Malware Specialist

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    What is Avast actually finding? I don't see anything in your logs. Thanks.
     
  5. pikachux3

    pikachux3 Thread Starter

    Joined:
    Oct 15, 2009
    Messages:
    3
    I'm not sure what Avast is trying to find. It said it detected some kind of malware gen and deleted it. So my computer is fine?
     
  6. sjpritch25

    sjpritch25 Malware Specialist

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    As far as the logs

    We can run an online scan though


    Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

    1. Click Accept, when prompted to download and install the program files and database of malware definitions.

    2. To optimize scanning time and produce a more sensible report for review:
    • Close any open programs
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
    3. Click Run at the Security prompt.

    The program will then begin downloading and installing and will also update the database.
    Please be patient as this can take quite a long time to download.
    • Once the update is complete, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, adware, dialers, and other riskware
      • Archives
      • E-mail databases
    • Click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Click View report... at the bottom.
    • Click the Save report... button.

    • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.
     
Short URL to this thread: https://techguy.org/869182