| hi,
 I got free Avira anti-virus installed. Recently it detected tr/unpacked.gen trojan in C:/windows/temp/00001763.exe and I always choose to quarantine it. I realised that each time I quarantine it, a new file reappears and Avira prompts again. I need to know where to find the source of this trojan/virus.
 
 The thing is, I scanned it with the free online scanner from Kaspersky and it detected nothing. Apparently it is recommended for having a high detection rate.
 
 What should I do? Thanks.
 
 Download DDS by sUBs and save it to your Desktop.
 
 Vista users. Right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
 
 * Double click on dds to run it.
 * When done, DDS.txt will open.
 * You will receive another prompt after a while. Click Yes at the prompt and for the next scan to complete.
 * When done, Attach.txt will open.
 * Please copy and paste the contents of DDS.txt and Attach.txt in your next reply.
 
 Attach.txt
 
 UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
 IF REQUESTED, ZIP IT UP & ATTACH IT
 
 DDS (Ver_09-03-16.01)
 
 Microsoft Windows XP Professional
 Boot Device: \Device\HarddiskVolume1
 Install Date: 12/28/2006 11:29:01 AM
 System Uptime: 3/21/2009 1:03:47 PM (14 hours ago)
 
 Motherboard: TOSHIBA | | Portable PC
 Processor:    Intel(R) Pentium(R) M processor 1400MHz | IC1005 | 1396/100mhz
 
 ==== Disk PARTITIONS =========================
 
 C: is FIXED (NTFS) - 19 GiB total, 2.806 GiB free.
 D: is FIXED (NTFS) - 14 GiB total, 11.176 GiB free.
 E: is FIXED (NTFS) - 5 GiB total, 4.715 GiB free.
 F: is CDROM ()
 
 ==== Disabled Device Manager Items =============
 
 ==== System Restore Points ===================
 
 No restore point in system.
 
 ==== Installed Programs ======================
 
 Adobe Bridge 1.0
 Adobe Common File Installer
 Adobe Flash Player 10 ActiveX
 Adobe Flash Player 10 Plugin
 Adobe Help CENTER 1.0
 Adobe Photoshop CS2
 Adobe Reader 8.1.3
 Adobe Shockwave Player
 Adobe Stock Photos 1.0
 Apple Mobile Device Support
 Apple Software Update
 Audacity 1.2.4
 AVG 7.5
 Avira AntiVir Personal - Free Antivirus
 Big Fish Games Client
 BitComet 0.99
 Bitvise Tunnelier 4.28 (remove only)
 Bluetooth Stack for Windows by Toshiba
 Bonjour
 Butterfly Escape
 CCleaner (remove only)
 CD/DVD Drive Acoustic Silencer
 Compatibility Pack for the 2007 Office system
 Critical Update for Windows Media Player 11 (KB959772)
 Diner Dash 2
 Drag'n Drop CD+DVD
 DVD-RAM Driver
 EPSON Printer Software
 Google Chrome
 Hotfix for Windows Internet Explorer 7 (KB947864)
 Hotfix for Windows Media Format 11 SDK (KB929399)
 Hotfix for Windows Media Player 11 (KB939683)
 Hotfix for Windows XP (KB952287)
 Intel(R) Extreme Graphics Driver
 Intel(R) PRO Network Adapters and Drivers
 InterVideo WinDVD 4
 iTunes
 Java 2 Runtime Environment, SE v1.4.2
 Java(TM) 6 Update 3
 Java(TM) 6 Update 5
 LimeWire 4.12.6
 LiveUpdate 2.6 (Symantec Corporation)
 Macromedia Contribute 3.11
 Macromedia Dreamweaver 8
 Macromedia Extension Manager
 Macromedia Fireworks 8
 Macromedia Flash 8
 Macromedia Flash 8 Video Encoder
 Microsoft .NET Compact Framework 1.0 SP3 Developer
 Microsoft .NET Compact Framework 2.0
 Microsoft .NET Framework 1.1
 Microsoft .NET Framework 1.1 Hotfix (KB928366)
 Microsoft .NET Framework 2.0 Service Pack 1
 Microsoft Compression Client Pack 1.0 for Windows XP
 Microsoft Device Emulator version 1.0 - ENU
 Microsoft Document Explorer 2005
 Microsoft Internationalized Domain Names Mitigation APIs
 Microsoft National Language Support Downlevel APIs
 Microsoft Office OneNote 2003
 Microsoft Office Professional Edition 2003
 Microsoft SQL Server 2005
 Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
 Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
 Microsoft SQL Server 2005 Tools Express Edition
 Microsoft SQL Server Native Client
 Microsoft SQL Server Setup Support Files (English)
 Microsoft SQL Server VSS Writer
 Microsoft User-Mode Driver Framework Feature Pack 1.0
 Microsoft Visual C++ 2005 Redistributable
 Microsoft Visual J# 2.0 Redistributable Package
 Microsoft Visual Studio 2005 Professional Edition - ENU
 Microsoft Visual Studio 6.0 Enterprise Edition
 Microsoft Web Publishing Wizard 1.53
 MobileMe Control Panel
 Mozilla Firefox (3.0.7)
 MSXML 4.0 SP2 (KB936181)
 MSXML 4.0 SP2 (KB954430)
 MSXML 6.0 Parser (KB933579)
 MultipleIEs
 Notepad++
 PC INSPECTOR smart recovery
 PDFCreator
 PopCap Browser Plugin
 PSPad editor
 Quest Software Toad for MySQL Freeware 4.1
 QuickTime
 RealPlayer
 Safari
 Satisfashion
 Security Update for CAPICOM (KB931906)
 Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB925674)
 Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937060)
 Security Update for Step By Step Interactive Training (KB898458)
 Security Update for Step By Step Interactive Training (KB923723)
 Security Update for Windows Internet Explorer 7 (KB928090)
 Security Update for Windows Internet Explorer 7 (KB929969)
 Security Update for Windows Internet Explorer 7 (KB931768)
 Security Update for Windows Internet Explorer 7 (KB933566)
 Security Update for Windows Internet Explorer 7 (KB937143)
 Security Update for Windows Internet Explorer 7 (KB938127)
 Security Update for Windows Internet Explorer 7 (KB939653)
 Security Update for Windows Internet Explorer 7 (KB942615)
 Security Update for Windows Internet Explorer 7 (KB944533)
 Security Update for Windows Internet Explorer 7 (KB950759)
 Security Update for Windows Internet Explorer 7 (KB953838)
 Security Update for Windows Internet Explorer 7 (KB956390)
 Security Update for Windows Internet Explorer 7 (KB958215)
 Security Update for Windows Internet Explorer 7 (KB960714)
 Security Update for Windows Internet Explorer 7 (KB961260)
 Security Update for Windows Media Player (KB911564)
 Security Update for Windows Media Player (KB952069)
 Security Update for Windows Media Player 11 (KB936782)
 Security Update for Windows Media Player 11 (KB954154)
 Security Update for Windows Media Player 6.4 (KB925398)
 Security Update for Windows Media Player 9 (KB917734)
 Security Update for Windows Media Player 9 (KB936782)
 Security Update for Windows XP (KB923689)
 Security Update for Windows XP (KB938464)
 Security Update for Windows XP (KB941569)
 Security Update for Windows XP (KB946648)
 Security Update for Windows XP (KB950760)
 Security Update for Windows XP (KB950762)
 Security Update for Windows XP (KB950974)
 Security Update for Windows XP (KB951066)
 Security Update for Windows XP (KB951376-v2)
 Security Update for Windows XP (KB951376)
 Security Update for Windows XP (KB951698)
 Security Update for Windows XP (KB951748)
 Security Update for Windows XP (KB952954)
 Security Update for Windows XP (KB953155)
 Security Update for Windows XP (KB953839)
 Security Update for Windows XP (KB954211)
 Security Update for Windows XP (KB954459)
 Security Update for Windows XP (KB954600)
 Security Update for Windows XP (KB955069)
 Security Update for Windows XP (KB956391)
 Security Update for Windows XP (KB956802)
 Security Update for Windows XP (KB956803)
 Security Update for Windows XP (KB956841)
 Security Update for Windows XP (KB957095)
 Security Update for Windows XP (KB957097)
 Security Update for Windows XP (KB958644)
 Security Update for Windows XP (KB958687)
 Security Update for Windows XP (KB958690)
 Security Update for Windows XP (KB960225)
 Security Update for Windows XP (KB960715)
 SingTel SmartFix
 SmartFix
 Sony Media Manager for PSP 2.5
 SoundMAX
 SpongeBob SquarePants Diner Dash
 Spyware Terminator
 SUPERAntiSpyware Free Edition
 Symantec AntiVirus
 Synaptics Pointing Device Driver
 TOSHIBA ConfigFree
 TOSHIBA Console
 TOSHIBA Controls
 Toshiba Hotkey Utility for Display Devices
 TOSHIBA Power Saver
 TOSHIBA SD Memory Card Format
 TOSHIBA Software Modem
 TOSHIBA TouchPad On/Off Utility V2.05.00
 TOSHIBA Utilities
 UltraEdit v14.00a
 Update for Windows XP (KB951072-v2)
 Update for Windows XP (KB951978)
 Update for Windows XP (KB955839)
 Update for Windows XP (KB967715)
 VideoLAN VLC media player 0.8.6c
 WampServer 2.0
 WebFldrs XP
 Windows Genuine Advantage Notifications (KB905474)
 Windows Genuine Advantage Validation Tool (KB892130)
 Windows Internet Explorer 7
 Windows Live installer
 Windows Live Messenger
 Windows Live OneCare safety scanner
 Windows Live Sign-in Assistant
 Windows Media Format 11 runtime
 Windows Media Player 11
 Windows XP Service Pack 3
 WinRAR archiver
 Wireless Hotkey
 Yahoo! Messenger
 
 ==== End Of File ===========================
 
 DDS.txt
 
 
 DDS (Ver_09-03-16.01) - NTFSx86
 Run by sereneloo at 3:33:16.08 on Sun 03/22/2009
 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1263.395 [GMT 8:00]
 
 AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
 AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
 AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
 
 ============== Running Processes ===============
 
 C:\WINDOWS\system32\svchost -k DcomLaunch
 svchost.exe
 C:\WINDOWS\System32\svchost.exe -k netsvcs
 svchost.exe
 svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
 C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
 C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
 C:\Program Files\Bonjour\mDNSResponder.exe
 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
 C:\Program Files\Symantec AntiVirus\DefWatch.exe
 C:\WINDOWS\System32\DVDRAMSV.exe
 C:\Program Files\Common Files\Motive\McciCMService.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\Symantec AntiVirus\SavRoam.exe
 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 C:\Program Files\Spyware Terminator\sp_rsser.exe
 C:\WINDOWS\System32\igfxtray.exe
 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
 C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
 C:\WINDOWS\System32\00THotkey.exe
 C:\WINDOWS\system32\TFNF5.exe
 C:\WINDOWS\System32\svchost.exe -k imgsvc
 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
 C:\WINDOWS\system32\TPSMain.exe
 C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
 C:\WINDOWS\System32\ezSP_Px.exe
 C:\WINDOWS\LTSMMSG.exe
 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
 C:\PROGRA~1\SYMANT~1\VPTray.exe
 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
 C:\Program Files\SmartFix\bin\McciTrayApp.exe
 C:\WINDOWS\system32\TPSBattM.exe
 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 C:\Program Files\iTunes\iTunesHelper.exe
 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Documents and Settings\sereneloo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
 C:\WINDOWS\system32\RAMASST.exe
 C:\Program Files\SmartFix\bin\MotiveBrowser.exe
 C:\Program Files\SmartFix\bin\MotiveBrowser.exe
 C:\Program Files\SmartFix\bin\MotiveBrowser.exe
 C:\WINDOWS\system32\mdm.exe
 C:\WINDOWS\system32\inetsrv\inetinfo.exe
 C:\Program Files\iPod\bin\iPodService.exe
 C:\Program Files\Windows Live\Messenger\usnsvc.exe
 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
 D:\chriz\App\dds.pif
 
 ============== Pseudo HJT Report ===============
 
 uStart Page = about:blank
 uSearch Page = hxxp://www.google.com
 uSearch Bar = hxxp://www.google.com/ie
 mSearch Page = hxxp://www.google.com
 mStart Page = about:blank
 uInternet Settings,ProxyOverride = 127.0.0.1;*.local
 uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
 BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
 BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
 BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.1.2.dll
 BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
 BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
 BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
 TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
 EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
 uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
 uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
 uRun: [Google Update] "c:\documents and settings\sereneloo\local settings\application data\google\update\GoogleUpdate.exe" /c
 uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
 mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
 mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
 mRun: [PmProxy] c:\program files\analog devices\soundmax\PmProxy.exe
 mRun: [00THotkey] c:\windows\system32\00THotkey.exe
 mRun: [000StTHK] 000StTHK.exe
 mRun: [TFNF5] TFNF5.exe
 mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
 mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
 mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
 mRun: [TPSMain] TPSMain.exe
 mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
 mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
 mRun: [LTSMMSG] LTSMMSG.exe
 mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
 mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
 mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
 mRun: [singtelTrayApp] "c:\program files\smartfix\bin\McciTrayApp.exe"
 mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
 mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
 mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
 mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
 mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
 mRun: [SingTel_McciTrayApp] c:\program files\singtel\McciTrayApp.exe
 mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
 dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
 StartupFolder: c:\docume~1\serene~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
 StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
 StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
 IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
 IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
 IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
 IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.1.2.dll/206
 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
 DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
 DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Supercow/Images/stg_drm.ocx
 DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
 DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://aolsvc.aol.com/onlinegames/free-trial-chocolatier/ChocolatierWeb.1.0.0.13.cab
 DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://npsdmail4.np.edu.sg/iNotes6W.cab
 DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} - hxxp://mp1.mplay.oberon-media.com/client/flashnet.cab
 DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
 DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
 DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab
 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167290453738
 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
 DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-delicious-deluxe/zylomgamesplayer.cab
 DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
 DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
 DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
 DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
 DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
 DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Supercow/Images/armhelper.ocx
 DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://npsdmail4.np.edu.sg/dwa7W.cab
 DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
 Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
 Notify: igfxcui - igfxsrvc.dll
 Notify: NavLogon - c:\windows\system32\NavLogon.dll
 SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
 SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
 
 ================= FIREFOX ===================
 
 FF - ProfilePath - c:\docume~1\serene~1\applic~1\mozilla\firefox\profiles\1q2ibpwb.default\
 FF - prefs.js: browser.startup.homepage - hxxp://steeztrend.com/
 FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
 FF - plugin: c:\documents and settings\sereneloo\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
 FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
 
 ============= SERVICES / DRIVERS ===============
 
 R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-11-20 821856]
 R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-11-20 4224]
 R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-11-20 27776]
 R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-11-20 10760]
 R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-3-9 11840]
 R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
 R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
 R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
 R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
 R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2007-10-7 141312]
 R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-3-9 68865]
 R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-3-9 151297]
 R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-11-20 418816]
 R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-11-20 49664]
 R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-11-20 406528]
 R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-11-20 4960]
 R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-6-2 185968]
 R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-6-2 161392]
 R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-6-23 124608]
 R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-6-23 1715904]
 R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-3-9 52032]
 R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090320.003\naveng.sys [2009-3-21 89104]
 R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090320.003\navex15.sys [2009-3-21 876144]
 R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
 S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-6-2 83568]
 S4 msvsmon80;Visual Studio 2005 Remote Debugger;d:\programs\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
 
 =============== CREATED Last 30 ================
 
 2009-03-22 03:06  --d-----  c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
 2009-03-22 03:06  --d-----  c:\program files\SUPERAntiSpyware
 2009-03-22 03:06  --d-----  c:\docume~1\serene~1\applic~1\SUPERAntiSpyware.com
 2009-03-19 22:30  --d-----  c:\program files\CCleaner
 2009-03-10 23:17  0  a-------  C:\LOG14D.tmp
 2009-03-10 20:26  0  a-------  C:\LOGF3.tmp
 2009-03-09 23:29  --d-----  c:\program files\Avira
 2009-03-09 23:29  --d-----  c:\docume~1\alluse~1\applic~1\Avira
 2009-03-09 22:46  0  a-------  C:\LOG108.tmp
 2009-03-08 22:04  0  a-------  C:\LOGF7.tmp
 2009-03-07 10:09  0  a-------  C:\LOGD0.tmp
 2009-03-02 19:52  0  a-------  C:\LOGBE.tmp
 2009-03-01 21:01  0  a-------  C:\LOGA1.tmp
 2009-02-24 21:34  0  a-------  C:\LOG80.tmp
 2009-02-23 20:31  0  a-------  C:\LOG7D.tmp
 2009-02-22 21:15  --d-----  c:\docume~1\serene~1\applic~1\Software
 2009-02-22 21:14  --d-----  c:\program files\Quest Software
 2009-02-22 21:14  --d-----  c:\program files\common files\Quest Shared
 2009-02-22 21:10  0  a-------  C:\LOG71.tmp
 
 ==================== Find3M ====================
 
 2009-02-22 21:13  161  a-------  c:\program files\INSTALL.LOG
 2009-02-09 19:13  1,846,784  a-------  c:\windows\system32\win32k.sys
 2008-11-02 01:22  1,851,544  a-------  c:\program files\install_flash_player(2).exe
 2008-10-25 12:35  28,868,320  a-------  c:\program files\FileFormatConverters.exe
 2008-08-09 16:01  1,495,112  a-------  c:\program files\install_flash_player.exe
 2008-07-06 01:32  0  a-------  c:\program files\temp01
 2008-07-03 23:43  7,496,920  a-------  c:\program files\Firefox Setup 3.0.exe
 2008-06-15 15:32  23,766,320  a-------  c:\program files\QuickTimeInstaller.exe
 2008-02-12 00:11  33,016,248  a-------  c:\program files\mediamanager2.5_setup.exe
 2007-10-31 20:40  51,422,520  a-------  c:\program files\iTunes743Setup.exe
 2007-10-07 20:41  10,378,944  a-------  c:\program files\SpywareTerminatorSetup.exe
 2007-08-11 00:48  7,649,240  a-------  c:\program files\Windows-KB890830-V1.31.exe
 2007-08-11 00:47  1,266,056  a-------  c:\program files\WindowsXP-KB927891-v3-x86-ENU.exe
 2007-05-27 23:24  21,822,168  a-------  c:\program files\AdbeRdr80_en_US.exe
 2007-05-18 11:39  473,664  a-------  c:\program files\msgr8sg.exe
 2007-01-29 12:20  20,193,072  a-------  c:\program files\SkypeSetup.exe
 2007-01-24 20:27  359,112  a-------  c:\program files\LimeWireWin.exe
 2006-12-28 19:30  820,875  a-------  c:\program files\setup.exe
 2006-12-28 14:57  16,332,072  a-------  c:\program files\Install_Messenger_nous.exe
 2008-09-12 03:14  32,768  a--sh---  c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat
 
 ============= FINISH: 3:34:34.82 ===============
 
 Go to Add or Remove Programs and uninstall:
 
 . AVG 7.5
 . LiveUpdate 2.6 (Symantec Corporation)
 . Symantec AntiVirus
 ----------
 
 Download the Norton Removal Tool (SymNRT) to your Desktop.
 
 Once downloaded please close ALL open browsers, also save any work because this may require a restart.
 
 . Go to your desktop and double click on the removal tool and then click Setup.
 . Once open, click Next.
 . Accept the license agreement and click Next.
 . Type in the letters/numbers that you see into the text box then click Next.
 . Then click Next and the tool will start running.
 . Once finished, restart the PC.
 . Delete the Norton Removal Tool from your Desktop.
 ----------
 
 Download ComboFix© by sUBs from one of the links below. Be sure to save it to the Desktop.
 
 Link #1
 Link #2
 
 **Note: It is important that it is saved directly to your Desktop**
 
 Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
 
 Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
 Double click combofix.exe & follow the prompts.
 When finished ComboFix will produce a log for you.
 Post the ComboFix log in your next reply.
 
 Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
 
 Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
 
 If you have problems with ComboFix usage, see How to use ComboFix
 
 ----------
 
 Now run a new DDS scan and post the new DDS.txt log only, I won't need the Attach log.
 
 Sorry I haven't replied for a couple of days. Fell asleep that night. Btw, the computer is not with me now. I will reply again once I do your instructions. Thanks.
 |