Some sort of malware


I have no idea what is really going on, but starting 2-3 days ago I started to get Google redirections and svchost.exe took up massive amounts of CPU, so I used Malwarebytes and AVG. Those two deleted a ton of viruses and svchost.exe stopped acting up, but yesterday Malwarebytes started to block a lot of IPs (by a lot I mean the little bubble never stopped popping up). I really have no idea what's up so I decided to get some help.

DDS (Ver_10-12-12.02) - NTFSx86

Run by Administrator at 21:50:56.70 on Mon 02/07/2011

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1041 [GMT -5:00]

AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Enabled*

============== Running Processes ===============


C:WINDOWSsystem32svchost -k DcomLaunch


C:WINDOWSSystem32svchost.exe -k netsvcs

C:WINDOWSsystem32svchost.exe -k WudfServiceGroup

C:Program FilesIntelWirelessBinEvtEng.exe

C:Program FilesIntelWirelessBinS24EvMon.exe

C:Program FilesIntelWirelessBinWLKeeper.exe






C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe

C:Program FilesAVGAVG10avgfws.exe


C:Program FilesAVGAVG10avgwdsvc.exe

C:Program FilesBonjourmDNSResponder.exe

C:WINDOWSsystem32svchost.exe -k hpdevmgmt

C:Program FilesJavajre6binjqs.exe

C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe

C:Program FilesMcAfeeCommon FrameworkFrameworkService.exe

C:Program FilesAVGAVG10avgam.exe

C:Program FilesAVGAVG10avgnsx.exe

C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE


C:WINDOWSSystem32svchost.exe -k HPZ12


C:WINDOWSSystem32svchost.exe -k HPZ12

C:Program FilesIntelWirelessBinRegSrvc.exe

c:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe

C:WINDOWSsystem32svchost.exe -k imgsvc

C:Program FilesAVGAVG10Identity ProtectionAgentBinAVGIDSAgent.exe

C:Program FilesAVGAVG10avgcsrvx.exe

C:WINDOWSSystem32svchost.exe -k HTTPFilter


C:Program FilesDellQuickSetquickset.exe

C:Program FilesApointApoint.exe


C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe

C:Program FilesIntelWirelessbinZCfgSvc.exe

C:Program FilesIntelWirelessBinifrmewrk.exe


C:Program FilesCommon FilesJavaJava Updatejusched.exe

C:Program FilesCyberLinkPowerDVDDVDLauncher.exe


C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe

C:Program FilesiTunesiTunesHelper.exe

C:Program FilesMcAfeeCommon Frameworkudaterui.exe

C:Program FilesHPHP Software UpdateHPWuSchd2.exe

C:Program FilesDivXDivX UpdateDivXUpdate.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Program FilesAVGAVG10avgtray.exe

C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe


C:Program FilesSUPERAntiSpywareb6ed1a67-d269-4c3e-a643-99baa3f8d1bd.com

C:Program FilesApointHidFind.exe

C:Program FilesHPDigital Imagingbinhpqtra08.exe

C:Program FilesIntelWirelessBinDot1XCfg.exe


C:Program FilesMcAfeeCommon FrameworkMcTray.exe

C:Program FilesApointApntex.exe

C:Program FilesAVGAVG10Identity Protectionagentbinavgidsmonitor.exe

C:Program FilesiPodbiniPodService.exe

C:Program FilesHPDigital ImagingbinhpqSTE08.exe

C:Program FilesHPDigital Imagingbinhpqbam08.exe

C:Program FilesHPDigital Imagingbinhpqgpc01.exe


C:Program FilesAVGAVG10avgcsrvx.exe



C:Program FilesMozilla Firefoxplugin-container.exe

C:Documents and SettingsAdministratorDesktopdds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bc.edu/bcinfo

uInternet Settings,ProxyOverride = ;<local>;*.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:program fileshpdigital imagingsmart web printinghpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:program filesavgavg10avgssie.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:windowssystem32dlaDLASHX_W.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:program fileshpdigital imagingsmart web printinghpswp_BHO.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:program fileshpdigital imagingsmart web printinghpswp_bho.dll

uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe

uRun: [Google Update] "c:documents and settingsadministratorlo

Er, I'm REALLY sorry about all those topics. When I clicked to create the post it said connection to server timed out and I thought it didn't work. I hope you guys don't think of me as some spamming douche.

Please don't attach the scan results; use Copy/Paste.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

