john1726
  1. I found a suspicious process running that cannot be stopped. It is 562369446:1508670174.exe. I cannot give you the Malwarebytes log file because the program terminates before finishing, just like all my antivirus programs. I have attached the zip file. This is the dds.txt.

     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
     Run by John at 15:00:48 on 2011-10-02
     Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1503 [GMT -4:00]
     .
     AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     .
     ============== Running Processes ===============
     .
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     C:\WINDOWS\562369446:1508670174.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     svchost.exe
     C:\WINDOWS\system32\LEXBCES.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\LEXPPS.EXE
     D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
     D:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
     C:\Program Files\AVG\AVG2012\avgwdsvc.exe
     D:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\System32\snmp.exe
     D:\Program Files\Spyware Terminator\sp_rsser.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\Program Files\AVG\AVG2012\avgnsx.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\WINDOWS\system32\ctfmon.exe
     .
     ============== Pseudo HJT Report ===============
     .
     mWindow Title = Windows Internet Explorer provided by Comcast
     mURLSearchHooks: H - No File
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
     BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
     BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
     TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
     TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
     TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
     TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
     TB: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
     TB: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} - No File
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     uRun: [HijackThis startup scan] d:\program files\trendmicro\hijackthis\HijackThis.exe /startupscan
     uRun: [DoubleMySpeed Registry Cleaner] "c:\program files\cyberdefender\registry cleaner\CDregclean.exe"
     mRun: [soundMan] SOUNDMAN.EXE
     uPolicies-explorer: NoResolveTrack = 1 (0x1)
     mPolicies-explorer: NoResolveTrack = 1 (0x1)
     IE: Crawler Search
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
     IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
     LSP: mswsock.dll
     Trusted Zone: acura.com
     Trusted Zone: ahm-ownerlink.com
     Trusted Zone: ahmdealer.com
     Trusted Zone: honda.com
     Trusted Zone: xmradio.com
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
     TCP: DhcpNameServer = 167.206.245.130 167.206.245.129
     TCP: Interfaces\{BE920253-97EE-44E3-B9A4-3A2A568A4E9F} : DhcpNameServer = 167.206.245.130 167.206.245.129
     Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
     Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
     Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
     Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
     Notify: AtiExtEvent - Ati2evxx.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
     SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
     LSA: Notification Packages = scecli yorupota.dll
     Hosts: 127.0.0.1 www.spywareinfo.com
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\documents and settings\john\application data\mozilla\firefox\profiles\98zm6ans.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2882843&SearchSource=3&q={searchTerms}
     FF - prefs.js: browser.search.selectedEngine - Bing
     FF - prefs.js: browser.startup.homepage - hxxp://google.com/
     FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
     FF - prefs.js: network.proxy.type - 0
     FF - component: c:\documents and settings\john\application data\mozilla\firefox\profiles\98zm6ans.default\extensions\{49e47062-e81f-4758-892a-2373f9e0db3b}\components\RadioWMPCore.dll
     FF - component: c:\documents and settings\john\application data\mozilla\firefox\profiles\98zm6ans.default\extensions\{49e47062-e81f-4758-892a-2373f9e0db3b}\components\RadioWMPCoreGecko19.dll
     FF - component: c:\documents and settings\john\application data\mozilla\firefox\profiles\98zm6ans.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
     FF - component: c:\documents and settings\john\application data\mozilla\firefox\profiles\98zm6ans.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
     FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
     FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
     FF - plugin: c:\documents and settings\john\application data\move networks\plugins\npqmp071505000010.dll
     FF - plugin: c:\documents and settings\john\application data\mozilla\firefox\profiles\98zm6ans.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
     FF - plugin: c:\documents and settings\john\local settings\application data\google\update\1.3.21.71\npGoogleUpdate3.dll
     FF - plugin: c:\documents and settings\john\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
     FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
     FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
     FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
     FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
     FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrlui.dll
     FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
     FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: d:\program files\java\jre6\bin\new_plugin\npjp2.dll
     FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll
     FF - plugin: d:\program files\mozilla firefox\plugins\npunagi2.dll
     FF - plugin: d:\program files\mozilla firefox\plugins\npViewpoint.dll
     FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
     FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
     FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
     FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
     FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
     FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
     FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
     FF - plugin: d:\program files\videolan\vlc\npvlc.dll
     .
     ---- FIREFOX POLICIES ----
     FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
     FF - user.js: keyword.enabled - 1
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
     R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32464]
     R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-10-1 64512]
     R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
     R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
     R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
     R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
     R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 67664]
     R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-7-12 142592]
     R2 !SASCORE;SAS Core Service;d:\program files\superantispyware\SASCORE.EXE [2010-7-1 116608]
     R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;d:\program files\abbyy finereader 9.0\NetworkLicenseServer.exe [2007-11-2 566560]
     R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
     R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
     R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
     R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
     R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2009-7-12 28672]
     S0 mwrbkjrw;mwrbkjrw;c:\windows\system32\drivers\mwrbkjrw.sys [2010-6-9 0]
     S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-1 5265248]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]
     S3 ALI5261;ALi Based Ethernet NT Driver;c:\windows\system32\drivers\ALI5261.SYS [2009-7-12 27678]
     S3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [2010-4-27 16640]
     S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-14 135664]
     S3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [2011-7-23 99968]
     S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [2010-9-19 530304]
     S3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
     S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
     S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-14 135664]
     .
     =============== Created Last 30 ================
     .
     2011-10-02 13:07:59 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-10-02 13:07:55 -------- d-----w- c:\documents and settings\john\application data\Malwarebytes
     2011-10-02 13:07:50 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
     2011-10-02 13:07:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-10-01 15:23:24 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
     2011-10-01 15:22:36 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
     2011-10-01 12:08:19 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
     2011-09-30 15:34:06 -------- d--h--w- C:\$AVG
     2011-09-30 15:32:26 -------- d-----w- c:\documents and settings\john\application data\AVG2012
     2011-09-30 15:31:54 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
     2011-09-30 15:31:21 -------- d-----w- c:\windows\system32\drivers\AVG
     2011-09-30 15:31:21 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
     2011-09-30 15:30:54 -------- d-----w- c:\program files\AVG
     2011-09-30 15:28:51 -------- d-----w- c:\documents and settings\all users\application data\MFAData
     2011-09-29 15:24:21 -------- d-----w- c:\documents and settings\john\application data\CyberDefender
     2011-09-29 15:24:12 -------- d-----w- c:\program files\CyberDefender
     2011-09-19 02:37:09 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx
     2011-09-19 02:37:09 15360 ----a-w- c:\windows\system32\inetfr.DLL
     2011-09-19 02:37:08 484352 ----a-w- c:\windows\system32\lame_enc.dll
     2011-09-19 02:37:08 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
     2011-09-19 02:37:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
     2011-09-19 02:37:08 119568 ----a-w- c:\windows\system32\VB6FR.DLL
     2011-09-19 02:37:08 -------- d-----w- c:\program files\Free Easy CD DVD Burner
     2011-09-19 02:37:08 -------- d-----w- c:\documents and settings\john\application data\FreeBurner
     2011-09-05 17:35:16 -------- d-----w- c:\program files\MetaStream
     2011-09-05 12:51:37 19569 ----a-w- c:\windows\003217_.tmp
     .
     ==================== Find3M ====================
     .
     2011-09-26 00:47:21 60416 ----a-w- c:\windows\ALCFDRTM.VER
     2011-07-11 05:14:38 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
     2011-07-11 05:14:30 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
     2011-07-11 05:14:28 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
     2011-07-11 05:14:28 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
     2011-07-11 05:14:26 134608 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
     2011-07-11 05:13:46 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
     2011-07-11 05:13:42 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
     2011-07-07 15:11:05 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
     .
     ============= FINISH: 15:01:08.15 ===============

     Attach.zip
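As an added triage example (my own heuristics, not part of DDS, Malwarebytes or this forum's procedure), the script below scans DDS-style lines for the kinds of entries in the log above that a responder would look at first: a process whose path uses NTFS file:stream colon syntax (an alternate data stream), an LSA notification package other than the assumed Windows XP default scecli, a hosts entry pointing a security-help site at localhost, and a driver recorded with a zero-byte image. The sample lines are constructed from the log; the watch list and the scecli baseline are assumptions.

```python
"""Triage heuristics for a DDS-style log. Added example; these checks are
my own and are not part of DDS or of the forum's removal procedure."""
import re

# Constructed sample: a handful of lines in DDS format, modelled on the log above.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\562369446:1508670174.exe
C:\WINDOWS\Explorer.EXE
LSA: Notification Packages = scecli yorupota.dll
Hosts: 127.0.0.1 www.spywareinfo.com
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-10-1 64512]
S0 mwrbkjrw;mwrbkjrw;c:\windows\system32\drivers\mwrbkjrw.sys [2010-6-9 0]
"""

# Assumed baseline: scecli is the only LSA notification package shipped with XP.
KNOWN_LSA_PACKAGES = {"scecli"}
# Constructed watch list: help sites a hosts-file entry should never redirect.
SECURITY_SITES = {"www.spywareinfo.com"}

# A second colon after the drive letter is NTFS "file:stream" syntax, so the
# image the process runs from is an alternate data stream, not a normal file.
ADS_RE = re.compile(r"^[A-Za-z]:\\[^:]*:[^\\]+$")
# DDS service/driver line: "R0 name;display;path [yyyy-m-d size]".
SERVICE_RE = re.compile(r"^[RS]\d (\S[^;]*);.*\[\d{4}-\d{1,2}-\d{1,2} (\d+)\]$")


def triage(log: str) -> list[str]:
    """Return one finding string per suspicious line, in log order."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        image = line.split(" -k ")[0]  # drop svchost group arguments
        if ADS_RE.match(image):
            findings.append(f"ADS-style process path: {image}")
        elif line.startswith("LSA: Notification Packages ="):
            for pkg in line.split("=", 1)[1].split():
                if pkg.lower() not in KNOWN_LSA_PACKAGES:
                    findings.append(f"unknown LSA notification package: {pkg}")
        elif line.startswith("Hosts:"):
            parts = line.split()
            if len(parts) >= 3 and parts[1].startswith("127.") and parts[2].lower() in SECURITY_SITES:
                findings.append(f"hosts file blocks security site: {parts[2]}")
        else:
            m = SERVICE_RE.match(line)
            if m and int(m.group(2)) == 0:
                findings.append(f"zero-byte driver/service image: {m.group(1)}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```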
  2. I downloaded Defogger, double-clicked it, clicked Disable, clicked Yes, and clicked OK when it said finished, but it does not ask me to reboot. Should I just restart?
  3. I am running Windows XP. My computer has some sort of malware/trojan, and when I tried to use win32kdiag.exe to get a log it says:

     Warning: Could not get back up privilages!
     Searching C:\Windows...
     Cannot access C:\windows\pchealth\ERRORREP\Userdumps\winlogon.exe.20100414-141617-00.hdmp
     [1] 2010-04-14 10:16:17 0 C:\Windows\pchealth\ERRORREP\Userdumps\winlogon.exe.20100414-141617-00.hdmp()
     Finished!
     Press any key to exit...