AVE.EXE Help!


ORIGINAL POST in HELP SECTION:

Help! I got the Trojan/Worm/AVE.EXE. It hijacked my computer. Windows XP SP3. I have put in a new hard drive (after the issue started) and have run MALWARE, but it doesn't find it. I've tried running MALWARE off a BartPE disk, but it won't load correctly. I've tried changing it to a .COM instead of .EXE ... I keep getting the error that MSVBM60.DLL is not found.

What else can I try? Windows Repair won't work, either. I am trying to run it in Safe Mode off of the new drive with the old drive as a slave. Not finding anything, yet.

What else can I do?

Rev....

Received a reply to follow the steps in the directions file (seems standard) and repost the answers here:

DDS.TXT:

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK

Run by Rev. Howard S. Bell at 0:04:23.85 on Fri 03/26/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1496 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Documents and Settings\Rev. Howard S. Bell\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.0.0.127\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.0.0.127\IPSBHO.DLL

BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.0.0.127\coIEPlg.dll

TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"

mRun: [<NO NAME>]

mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll

Notify: ackpbsc - c:\program files\actividentity\activclient\ackpbsc.dll

Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-23 64288]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0400000.07f\SymDS.sys [2010-3-23 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0400000.07f\SymEFA.sys [2010-3-23 172592]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1263728]

S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100211.001\BHDrvx86.sys [2010-2-11 536112]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0400000.07f\cchpx86.sys [2010-3-23 501888]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0400000.07f\Ironx86.sys [2010-3-23 116272]

S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-23 236368]

S2 N360;Norton 360;c:\program files\norton 360\engine\4.0.0.127\ccSvcHst.exe [2010-3-23 126392]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-23 102448]

S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [2006-11-7 46976]

S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100317.002\IDSXpx86.sys [2010-3-23 329592]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-23 19160]

S3 NAVENG;NAVENG;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100325.002\NAVENG.SYS [2010-3-25 84912]

S3 NAVEX15;NAVEX15;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100325.002\NAVEX15.SYS [2010-3-25 1324720]

=============== Created Last 30 ================

2010-03-26 05:04:10 0 ----a-w- c:\documents and settings\rev. howard s. bell\defogger_reenable

2010-03-26 02:28:53 0 d-----w- c:\windows\system32\appmgmt

2010-03-26 02:15:11 0 d-----w- C:\XPSP2

2010-03-25 22:49:58 0 d-----w- c:\docume~1\revhow~1.bel\applic~1\AskToolbar

2010-03-25 22:33:16 0 d-----w- c:\program files\Nero

2010-03-25 22:32:46 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Nero

2010-03-25 22:32:04 0 d-----w- c:\program files\Ask.com

2010-03-25 22:12:16 0 d-----w- C:\bbie

2010-03-25 21:46:57 0 d-----w- C:\XPSP3

2010-03-25 21:46:38 0 d-----w- C:\XPSP2CD

2010-03-25 19:41:26 47408 ----a-r- c:\windows\system32\drivers\SymIM.sys

2010-03-25 19:21:23 0 d-----w- C:\pebuilder3110a

2010-03-25 12:32:40 0 d-----w- c:\docume~1\revhow~1.bel\applic~1\Windows Search

2010-03-25 12:31:38 0 d-----w- c:\windows\pss

2010-03-25 12:21:46 767952 ----a-w- c:\windows\BDTSupport.dll.old

2010-03-25 12:20:04 0 d-----w- c:\program files\Spyware Doctor

2010-03-24 00:15:51 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-03-24 00:15:11 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-03-24 00:15:11 107368 ----a-r- c:\windows\system32\GEARAspi.dll

2010-03-24 00:15:07 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-03-24 00:15:07 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-03-24 00:15:07 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-03-24 00:15:07 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-03-24 00:15:07 0 d-----w- c:\program files\Symantec

2010-03-24 00:15:07 0 d-----w- c:\program files\common files\Symantec Shared

2010-03-24 00:14:53 0 d-----w- c:\windows\system32\drivers\N360

2010-03-24 00:14:52 0 d-----w- c:\program files\Norton 360

2010-03-24 00:14:44 0 d-----w- c:\program files\NortonInstaller

2010-03-24 00:14:44 0 d-----w- c:\docume~1\alluse~1.win\applic~1\NortonInstaller

2010-03-24 00:12:49 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Norton

2010-03-24 00:06:39 0 d-----w- c:\docume~1\revhow~1.bel\applic~1\Malwarebytes

2010-03-24 00:06:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-24 00:06:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-24 00:06:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-24 00:06:33 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes

2010-03-24 00:05:11 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-03-24 00:05:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-03-24 00:04:50 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat

2010-03-24 00:03:59 0 d-sh--w- c:\documents and settings\rev. howard s. bell\IECompatCache

2010-03-24 00:03:16 0 dc-h--w- c:\docume~1\alluse~1.win\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-03-24 00:03:11 0 d-----w- c:\program files\Lavasoft

2010-03-24 00:02:52 0 d-sh--w- c:\documents and settings\rev. howard s. bell\PrivacIE

2010-03-24 00:01:11 0 d-sh--w- c:\documents and settings\rev. howard s. bell\IETldCache

2010-03-23 23:58:04 0 d-----w- c:\docume~1\alluse~1.win\applic~1\NVIDIA Corporation

2010-03-23 23:58:00 0 d-----w- c:\program files\NVIDIA Corporation

2010-03-23 23:55:57 0 d-----w- c:\windows\ie8updates

2010-03-23 23:55:51 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-03-23 23:55:51 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-03-23 23:55:51 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-03-23 23:55:51 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-03-23 23:55:51 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-03-23 23:55:51 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-03-23 23:55:35 0 d-----w- c:\program files\common files\ActivIdentity

2010-03-23 23:55:35 0 d-----w- c:\program files\ActivIdentity

2010-03-23 23:55:17 0 dc-h--w- c:\windows\ie8

2010-03-23 23:54:43 0 d-----w- C:\OE-10-48-017_AC62_AFR_Home_Use_V1000

2010-03-23 23:48:49 0 d-----w- c:\windows\system32\XPSViewer

2010-03-23 23:48:33 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-03-23 23:48:33 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-03-23 23:48:33 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-03-23 23:48:33 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-03-23 23:48:33 117760 ------w- c:\windows\system32\prntvpt.dll

2010-03-23 23:48:32 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-03-23 23:48:32 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-03-23 23:48:32 0 d-----w- C:\3f7c5b256c2e196ec93ed1af9ebefe9c

2010-03-23 23:45:44 0 d-----w- c:\docume~1\revhow~1.bel\applic~1\Windows Desktop Search

2010-03-23 23:45:29 0 d-----w- c:\program files\Windows Desktop Search

2010-03-23 23:44:55 0 d-----w- c:\program files\Windows Media Connect 2

2010-03-23 23:44:22 0 d-----w- c:\windows\system32\LogFiles

2010-03-23 23:43:30 0 d-----w- c:\windows\system32\URTTemp

2010-03-23 23:30:06 0 d-----w- c:\windows\system32\scripting

2010-03-23 23:30:06 0 d-----w- c:\windows\system32\en

2010-03-23 23:30:06 0 d-----w- c:\windows\system32\bits

2010-03-23 23:30:06 0 d-----w- c:\windows\l2schemas

2010-03-23 23:29:18 0 d-----w- c:\windows\ServicePackFiles

2010-03-23 23:28:38 0 d-----w- c:\windows\network diagnostic

2010-03-23 23:25:50 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-03-23 23:25:27 353792 -c----w- c:\windows\system32\dllcache\srv.sys

2010-03-23 23:25:15 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-03-23 23:22:52 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-03-23 23:22:52 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-03-23 23:22:50 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-03-23 23:22:47 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-23 23:19:05 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-03-23 23:19:04 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx

2010-03-23 23:18:37 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-03-23 23:18:36 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2010-03-23 23:18:35 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2010-03-23 23:18:19 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2010-03-23 23:11:38 0 d-----w- c:\windows\system32\PreInstall

2010-03-23 23:10:58 0 d-sh--w- c:\documents and settings\rev. howard s. bell\UserData

2010-03-23 23:09:57 13722 ----a-w- c:\windows\system32\wpa.bak

2010-03-23 23:08:48 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2010-03-23 23:08:48 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2010-03-23 23:08:48 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2010-03-23 23:08:48 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2010-03-23 23:08:48 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2010-03-23 23:08:48 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2010-03-23 23:08:48 110592 -c----w- c:\windows\system32\dllcache\services.exe

2010-03-23 23:08:47 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2010-03-23 23:08:47 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2010-03-23 23:08:47 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-03-23 23:08:47 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-03-23 23:08:46 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-03-23 23:07:28 146650 ----a-w- c:\windows\system32\BuzzingBee.wav

2010-03-23 23:07:27 940794 ----a-w- c:\windows\system32\LoopyMusic.wav

2010-03-23 23:07:24 0 d-----w- c:\windows\system32\Lang

2010-03-23 23:05:02 0 d-----w- c:\program files\Realtek

2010-03-23 23:04:56 520192 ------r- c:\windows\RtlExUpd.dll

2010-03-23 23:04:56 315392 ----a-w- c:\windows\HideWin.exe

2010-03-23 23:04:40 36864 ----a-w- c:\windows\system32\drivers\AmdK8.sys

2010-03-23 23:03:49 592488 ----a-w- c:\windows\system32\nvudisp.exe

2010-03-23 23:03:49 25699 ----a-w- c:\windows\system32\nvdisp.nvu

2010-03-23 23:03:49 0 d-----w- c:\windows\nview

2010-03-23 22:43:33 0 d-sh--w- c:\documents and settings\all users.windows\DRM

2010-03-23 22:43:18 0 d--h--w- c:\program files\WindowsUpdate

2010-03-23 22:42:37 0 d-----w- c:\program files\common files\MSSoap

2010-03-23 22:41:31 0 d-----w- c:\program files\Online Services

2010-03-23 22:41:26 0 d-----w- c:\program files\Messenger

2010-03-23 22:41:23 0 d-----w- c:\program files\MSN Gaming Zone

2010-03-23 22:40:53 0 d-----w- c:\program files\Windows NT

2010-03-23 16:31:13 0 d-----w- c:\program files\common files\ODBC

2010-03-23 16:31:11 0 d-----w- c:\program files\common files\SpeechEngines

2010-03-23 16:30:51 0 d-----r- c:\documents and settings\all users.windows\Documents

==================== Find3M ====================

2010-03-23 22:41:49 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2010-01-12 18:03:34 6359168 ----a-w- c:\windows\system32\nv4_disp.dll

2010-01-12 18:03:34 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-01-12 18:03:34 592488 ----a-w- c:\windows\system32\NVUNINST.EXE

2010-01-12 18:03:34 4104192 ----a-w- c:\windows\system32\nvcuda.dll

2010-01-12 18:03:34 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-01-12 18:03:34 2283526 ----a-w- c:\windows\system32\nvdata.bin

2010-01-12 18:03:34 2259560 ----a-w- c:\windows\system32\nvcuvid.dll

2010-01-12 18:03:34 182888 ----a-w- c:\windows\system32\nvcodins.dll

2010-01-12 18:03:34 182888 ----a-w- c:\windows\system32\nvcod.dll

2010-01-12 18:03:34 14458880 ----a-w- c:\windows\system32\nvoglnt.dll

2010-01-12 18:03:34 11632640 ----a-w- c:\windows\system32\nvcompiler.dll

2010-01-12 18:03:34 1081344 ----a-w- c:\windows\system32\nvapi.dll

2010-01-12 04:17:44 278120 ----a-w- c:\windows\system32\nvmccs.dll

2010-01-12 04:17:44 154216 ----a-w- c:\windows\system32\nvsvc32.exe

2010-01-12 04:17:44 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-01-12 04:17:44 13666408 ----a-w- c:\windows\system32\nvcpl.dll

2010-01-12 04:17:44 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-01-12 04:17:40 81920 ----a-w- c:\windows\system32\nvwddi.dll

============= FINISH: 0:04:37.31 ===============

Attach.zip

That's everything, I think.

Thanks for the help.

Rev.....
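The "Pseudo HJT Report" section of the log above is the part a helper reads first: BHOs, toolbars and Run entries, each with a CLSID or value name and the file it points to. As an added example (not part of the original post, of the reply, or of the DDS tool), here is a small Python parser that pulls those entries out of that section and flags the things a reviewer normally checks by eye: an entry whose file is missing ("No File"), an empty Run value, a command given as a bare file name that Windows resolves through PATH, anything started from a user profile or temp directory, and one DLL registered under several display names (in this log GenericAskToolbar.dll appears as both "UrlSearchHook Class" and "Nero Toolbar"). The sample lines are copied from the log above; the flagging rules are general heuristics of my own and not a verdict on any entry on this machine.

```python
"""Parse the 'Pseudo HJT Report' section of a DDS log and flag autostart
entries that deserve a second look before anything is removed.  Added
example: not the DDS tool's own code and not part of the original post.
The sample lines are copied from the posted log; the heuristics are the
example author's own and prove nothing by themselves."""
import re
from collections import defaultdict

# Sample input: Pseudo HJT lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.0.0.127\coIEPlg.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.0.0.127\coIEPlg.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [<NO NAME>]
mRun: [nwiz] nwiz.exe /installquiet
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
"""

CLSID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
RUN_RE = re.compile(r"\[(.*?)\]\s*(.*)")
# Locations that legitimate autostarts rarely use on an XP box.
PROFILE_RE = re.compile(r"documents and settings|docume~1|\\temp\\|\\local settings\\")


def parse_entries(text):
    """Return one dict per recognised autostart line: kind, name, clsid, target."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if ": " not in line:
            continue
        kind, rest = line.split(": ", 1)
        if kind in ("uRun", "mRun"):
            m = RUN_RE.match(rest)
            if m:
                entries.append({"kind": kind, "name": m.group(1),
                                "clsid": None, "target": m.group(2).strip()})
        else:
            m = CLSID_RE.search(rest)
            if m:
                entries.append({"kind": kind,
                                "name": rest[:m.start()].rstrip(": ").strip(),
                                "clsid": m.group(0).lower(),
                                "target": rest[m.end():].lstrip(" -").strip()})
    return entries


def first_token(command):
    """Executable part of a Run command: the quoted path if quoted, else the first word."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0]


def flag_entries(entries):
    """Apply the heuristics; return (label, reason) pairs for a human to review."""
    by_target = defaultdict(set)
    for e in entries:
        if e["target"]:
            by_target[e["target"].lower()].add(e["name"] or e["clsid"])
    findings = []
    for e in entries:
        ident = e["name"] or e["clsid"]
        label = f'{e["kind"]}: {ident}'
        target = e["target"]
        low = target.lower()
        if low == "no file":
            findings.append((label, "orphaned: CLSID registered but file missing"))
            continue
        if e["kind"].endswith("Run"):
            if not target:
                findings.append((label, "empty Run value"))
                continue
            exe = first_token(target)
            if "\\" not in exe:
                findings.append((label, f"unqualified executable {exe!r}, resolved via PATH"))
        if PROFILE_RE.search(low):
            findings.append((label, "runs from a user profile or temp directory"))
        names = by_target[low]
        if len(names) > 1:
            others = sorted(n for n in names if n != ident)
            findings.append((label, "same file also registered as " + ", ".join(others)
                             + " (check that the branding matches the file)"))
    return findings


if __name__ == "__main__":
    for label, reason in flag_entries(parse_entries(SAMPLE_LOG)):
        print(f"{label:45} {reason}")
```

Run against a full DDS log, feed it only the block between the "Pseudo HJT Report" and "SERVICES / DRIVERS" headers. The shared-file rule is deliberately noisy: Norton's coIEPlg.dll is also reported because it sits behind two names, which is normal for a suite, so treat each finding as a prompt to look, not as a detection.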
