
chadb

Everything posted by chadb

  1. OK, I posted a problem I have here: http://forums.malwarebytes.org/index.php?showtopic=42675 I was told I posted in the wrong place and to follow the instructions (as much as possible) from this topic: http://forums.malwarebytes.org/index.php?showtopic=9573. These are the results:

     Downloaded Defogger, ran it, clicked Disable, clicked Yes, got the "Finished!" message, clicked OK, but it didn't ask me to restart, so I restarted myself (I can't restart from Windows, only shut down by holding down the power button).

     Contents of DDS.txt:

     DDS (Ver_09-12-01.01) - NTFSx86 MINIMAL
     Run by Admin at 11:22:46.31 on Tue 03/09/2010
     Internet Explorer: 7.0.5730.13
     Microsoft Windows XP Professional 5.1.2600.3.874.66.1033.18.766.598 [GMT 3:00]

     AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

     ============== Running Processes ===============

     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\system32\svchost.exe -k netsvcs
     C:\WINDOWS\explorer.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Documents and Settings\Admin\Desktop\dds.scr
     C:\WINDOWS\system32\NOTEPAD.EXE

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1142338
     uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
     uURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSof1.dll
     mWinlogon: Shell=c:\windows\system32\ast3vau8x.exe
     mWinlogon: SfcDisable=-99 (0xffffff9d)
     mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
     BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
     BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
     BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
     BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
     BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
     BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSof1.dll
     BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
     BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
     BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - c:\program files\bandoo\plugins\ie\ieplugin.dll
     BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
     TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
     TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
     TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
     TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSof1.dll
     EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
     uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
     uRun: [Google Update] "c:\documents and settings\admin\local settings\application data\google\update\GoogleUpdate.exe" /c
     uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
     mRun: [LogonStudio] "c:\program files\wincustomize\logonstudio\logonstudio.exe" /RANDOM
     mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
     mRun: [iDTSysTrayApp] sttray.exe
     mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
     mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
     mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
     mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
     mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
     mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
     mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
     dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
     dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
     dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32
     StartupFolder: c:\docume~1\admin\startm~1\programs\startup\styler.lnk - c:\docume~1\admin\applic~1\microsoft\installer\{e9ecf354-2422-4fdb-9abf-d8adac0ef941}\_585b207a.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
     StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Qs Black Shine Blue.wsstyles
     uPolicies-explorer: NoSMMyDocs = 1 (0x1)
     uPolicies-explorer: NoSMMyPictures = 1 (0x1)
     uPolicies-system: DisableRegistryTools = 1 (0x1)
     uPolicies-system: DisableTaskMgr = 1 (0x1)
     mPolicies-system: EnableLUA = 0 (0x0)
     dPolicies-explorer: NoSMMyDocs = 1 (0x1)
     dPolicies-explorer: NoSMMyPictures = 1 (0x1)
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
     IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
     IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
     IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
     IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
     DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
     Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
     Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
     Notify: AtiExtEvent - Ati2evxx.dll
     Notify: avgrsstarter - avgrsstx.dll
     Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
     AppInit_DLLs: aocoyvkrk.dll c:\progra~1\bandoo\bndhook.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
     mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register

     ============= SERVICES / DRIVERS ===============

     R0 ahci7xx;ahci7xx;c:\windows\system32\drivers\ahci7xx.sys [2009-2-9 176136]
     R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\drivers\Amddfltr.sys [2009-5-15 15416]
     R0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [2009-2-9 9096]
     S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-25 335240]
     S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-25 27784]
     S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-25 108552]
     S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-25 297752]
     S2 Seekdns Service;Seekdns Service;"c:\documents and settings\all users\application data\seekdns\seekdns129.exe" "c:\program files\seekdns\seekdns.dll" service --> c:\documents and settings\all users\application data\seekdns\seekdns129.exe [?]
     S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-5-15 112128]
     S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-5-14 107360]

     =============== Created Last 30 ================

     2010-03-09 08:04:34 0 ----a-w- c:\documents and settings\admin\defogger_reenable
     2010-03-08 14:34:06 0 d--h--w- c:\windows\system32\GroupPolicy
     2010-03-08 13:19:11 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes
     2010-03-08 13:18:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-03-08 13:18:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-03-08 13:18:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
     2010-03-08 13:18:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-03-08 01:51:54 1678848 ----a-w- c:\windows\system32\aOCOYVkrK.dll
     2010-03-08 01:51:43 1678848 ----a-w- c:\windows\system32\ast3vau8x.exe
     2010-03-07 03:47:04 0 d-----w- c:\program files\RAR Recovery Toolbox
     2010-03-03 06:25:46 0 d-----w- c:\program files\GRETECH
     2010-03-03 06:19:52 0 d-----w- c:\program files\Conduit
     2010-03-03 06:19:49 0 d-----w- c:\program files\Softonic_English
     2010-03-03 06:18:42 0 d-----w- c:\program files\VideoLAN
     2010-02-14 14:30:57 0 d-----w- c:\program files\Linksys
     2010-02-14 14:20:06 0 d-----w- c:\program files\WebEx

     ==================== Find3M ====================

     2010-01-16 12:37:48 195268 ----a-w- c:\windows\hpoins40.dat
     2009-05-14 12:06:06 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
     2009-05-14 12:06:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
     2009-05-14 12:06:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051420090515\index.dat
     2009-05-14 12:06:06 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

     ============= FINISH: 11:32:21.65 ===============

     Attach.zip attached...

     Please help me with this problem, I really appreciate it.
     Thank you,
     Chadb
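Added example, not part of chadb's post, the forum helpers' instructions, or the DDS/Malwarebytes tools: a small triage script for the "Pseudo HJT Report", "SERVICES / DRIVERS" and "Created Last 30" sections of a DDS log like the one above. It applies the checks a helper reads such a log for by hand: a Winlogon Shell or UIHost that is not the stock binary, a non-zero SfcDisable, AppInit_DLLs entries (bare names first, since those are resolved by loader search order), policies that switch off regedit and Task Manager, services whose image lives under a user profile directory, and finally a cross-reference of every flagged file name against the files created in the last 30 days, plus a cluster check for files of identical size written in the same minute. The sample input is constructed from lines copied out of the posted log, with a few benign lines kept so the rules have something to ignore; the rule names, thresholds and the `Finding` type are this example's own. A hit means "examine this entry", not "this is malware".

```python
"""Triage a DDS-style log for persistence that should not be there.
Hypothetical helper written for this page; not a DDS or Malwarebytes tool."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS output posted above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mWinlogon: Shell=c:\windows\system32\ast3vau8x.exe
mWinlogon: SfcDisable=-99 (0xffffff9d)
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
AppInit_DLLs: aocoyvkrk.dll c:\progra~1\bandoo\bndhook.dll
============= SERVICES / DRIVERS ===============
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-25 297752]
S2 Seekdns Service;Seekdns Service;"c:\documents and settings\all users\application data\seekdns\seekdns129.exe" "c:\program files\seekdns\seekdns.dll" service --> c:\documents and settings\all users\application data\seekdns\seekdns129.exe [?]
=============== Created Last 30 ================
2010-03-08 13:18:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-08 01:51:54 1678848 ----a-w- c:\windows\system32\aOCOYVkrK.dll
2010-03-08 01:51:43 1678848 ----a-w- c:\windows\system32\ast3vau8x.exe
"""

# "Prefix: body" lines of the Pseudo HJT Report (uRun, mWinlogon, AppInit_DLLs, ...).
HJT_LINE = re.compile(r"^([A-Za-z_][\w-]*):\s+(.*\S)\s*$")
# "S2 name;display name;image path [date size]" service/driver lines.
SERVICE_LINE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# "YYYY-MM-DD HH:MM:SS size attrs path"; the minute is kept for clustering.
CREATED_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}):\d{2}\s+(\d+)\s+\S{8}\s+(.*\S)\s*$")

STOCK_SHELL = "explorer.exe"
STOCK_UIHOST = "logonui.exe"
USER_WRITABLE_HINTS = ("application data", "\\local settings\\", "\\temp\\")


@dataclass(frozen=True)
class Finding:
    severity: str          # "high" or "medium"
    rule: str
    detail: str
    ref: str = ""          # lowercase file name the entry points at, for cross-referencing


def basename(path: str) -> str:
    """Lowercase final path component; tolerates quotes and forward slashes."""
    return re.split(r"[\\/]", path.strip().strip('"'))[-1].lower()


def triage(text: str) -> list[Finding]:
    findings: list[Finding] = []
    created: list[tuple[str, int, str]] = []   # (minute, size, path)

    for raw in text.splitlines():
        line = raw.strip()
        if (m := CREATED_LINE.match(line)):
            created.append((m.group(1), int(m.group(2)), m.group(3)))
            continue
        if (m := SERVICE_LINE.match(line)):
            image = m.group(4)
            if any(h in image.lower() for h in USER_WRITABLE_HINTS):
                # DDS prints "cmdline --> resolved image [size]"; take the resolved image.
                resolved = image.split(" --> ")[-1].split(" [")[0]
                findings.append(Finding("medium", "service image under a user profile directory",
                                        line, basename(resolved)))
            continue
        m = HJT_LINE.match(line)
        if not m:
            continue
        prefix, body = m.group(1).lower(), m.group(2)
        key, _, value = (p.strip() for p in body.partition("="))

        if prefix.endswith("winlogon"):
            if key.lower() == "shell" and basename(value) != STOCK_SHELL:
                findings.append(Finding("high", "Winlogon Shell is not explorer.exe", line, basename(value)))
            elif key.lower() == "uihost" and basename(value) != STOCK_UIHOST:
                findings.append(Finding("high", "Winlogon UIHost is not logonui.exe", line, basename(value)))
            elif key.lower() == "sfcdisable" and value.split()[0] != "0":
                findings.append(Finding("high", "SfcDisable is non-zero (Windows File Protection turned off)", line))
        elif prefix == "appinit_dlls":
            for dll in body.split():
                pathed = "\\" in dll
                rule = "AppInit_DLLs entry" + ("" if pathed else " with no path (resolved via loader search order)")
                findings.append(Finding("medium" if pathed else "high", rule, dll, basename(dll)))
        elif prefix.endswith("policies-system") and key in ("DisableRegistryTools", "DisableTaskMgr") \
                and value.startswith("1"):
            findings.append(Finding("medium", f"{key} set by policy", line))

    # Cross-reference: a flagged autostart target that was written in the last 30 days
    # is the strongest signal in the log; also cluster same-size files dropped together.
    referenced = {f.ref for f in findings if f.ref}
    clusters: dict[tuple[str, int], list[str]] = defaultdict(list)
    for minute, size, path in created:
        if basename(path) in referenced:
            findings.append(Finding("high", "autostart target created in the last 30 days",
                                    f"{minute} {size} {path}", basename(path)))
        clusters[(minute, size)].append(path)
    for (minute, size), paths in clusters.items():
        if len(paths) > 1:
            findings.append(Finding("medium", "files of identical size created within the same minute (likely one dropper)",
                                    "; ".join(paths)))
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: (f.severity != "high", f.rule)):
        print(f"[{f.severity:6}] {f.rule}: {f.detail}")
```

On the constructed sample the script pairs the replaced Shell (ast3vau8x.exe) and the bare AppInit_DLLs name (aocoyvkrk.dll) with the two 1,678,848-byte files written eleven seconds apart in system32, which is the kind of correlation a forum helper would act on first; the pathed AppInit hook and the service under All Users\Application Data stay at medium because the rules cannot tell a legitimate component from a bad one by path alone.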
  2. Hi, I have a laptop infected with the 'Virus Protector' malware. After doing some research online I downloaded Malwarebytes to attempt to remove it. Please note that my laptop will only boot in Safe Mode with Command Prompt; most guides said to boot into Safe Mode with Networking, but Virus Protector starts up when I do that. I managed to install (but not update) Malwarebytes and did a full scan that came up with 15 infections. I cleaned them all up, but when I rebooted, Virus Protector still started up. I then checked online some more and downloaded the latest rules.ref available for download (mbam-rules.exe), installed it on the infected laptop, and did another full scan, which returned 2 more infected files. I removed them, restarted, and it still comes up. I've tried almost everything: I can't do a System Restore from Safe Mode because it's turned off and I can't turn it on in Safe Mode, I can't run regedit, can't do much really. I even tried to install Malwarebytes on my other system (Vista) to get the absolute latest rules.ref (I read that the mbam-rules.exe isn't updated as much as the online version), but I can't seem to get into the folder where it should be (access denied). Please advise. Thank you very much...