
DDS log file - can't complete GMER scan



Hi, I was sent here from General Topics. I originally posted that my computer restarted in the middle of the GMER scan, and that I wasn't sure if I should start over from the beginning, but as that question wasn't addressed in the reply I received, I just pasted the log I had already completed before the restart in the middle of the scan. I tried 3 times on the GMER, and it restarted my computer each time. I can't run Malwarebytes, which is why I'm visiting this site! Thank you for whatever help you can give!

DDS (Ver_09-12-01.01) - NTFSx86

Run by Compaq_Owner at 15:38:56.78 on Sun 02/28/2010

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.160 [GMT -6:00]

AV: Panda Antivirus + Firewall 2007 *On-access scanning enabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}

FW: Panda Antivirus 2007 Personal Firewall *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\ALCWZRD.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE

C:\HP\KBD\KBD.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\WINDOWS\system32\hphmon03.exe

C:\WINDOWS\system32\WService.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe

C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe

c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE

C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\psimsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\DRIVERS\WtSrv.exe

C:\WINDOWS\system32\HPHipm09.exe

C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\WebProxy.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.bcisd.net/

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop

uInternet Connection Wizard,ShellNext = iexplore

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.woodvill.jp/knife/index.html"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [VTTimer] VTTimer.exe

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [AlcxMonitor] ALCXMNTR.EXE

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [APVXDWIN] "c:\program files\panda software\panda antivirus + firewall 2007\APVXDWIN.EXE" /s

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [AtiPTA] atiptaxx.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [WService] WService.EXE

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

mRun: [HPHmon03] c:\windows\system32\hphmon03.exe

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

StartupFolder: c:\documents and settings\compaq_owner\start menu\programs\startup\RCA Detective.lnk.disabled

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Quicken Scheduled Updates.lnk.disabled

uPolicies-system: EnableProfileQuota = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: c:\program files\panda software\panda antivirus + firewall 2007\pavlsp.dll

DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxp://10.24.1.3/officescan/console/ClientInstall/WinNTChk.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxp://10.24.1.3/officescan/console/ClientInstall/setup.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxp://10.24.1.3/officescan/console/html/AtxEnc.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxp://10.24.1.3/officescan/console/ClientInstall/RemoveCtrl.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: {2C941233-92F8-435B-B71A-7C352FF1A2CA} = 65.169.64.2,65.169.64.3

Filter: text/html - {6e110698-67a1-4d6a-9e2f-23a8336efb85} -

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avldr - avldr.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 209.44.111.57 antivguardian.com

Hosts: 209.44.111.57 www.antivguardian.com

============= SERVICES / DRIVERS ===============

R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [2007-12-26 16855]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-18 64288]

R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2007-6-19 58800]

R1 atitray;atitray;c:\program files\radeon omega drivers\v3.8.252\ati tray tools\atitray.sys [2005-11-13 12032]

R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2007-6-19 49968]

R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2007-6-19 15792]

R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2007-6-19 190640]

R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2007-6-19 121392]

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2006-7-10 33952]

R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\drivers\smsflt.sys [2007-6-19 36016]

R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2007-6-19 29360]

R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [2007-6-19 17792]

R2 cpqdiag;Compaq Diagnostics Driver;c:\windows\system32\drivers\Cpqdiag.sys [2005-1-4 41344]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]

R2 Panda Software Controller;Panda Software Controller;c:\program files\panda software\panda antivirus + firewall 2007\PsCtrlS.exe [2007-6-19 165424]

R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2007-6-12 71680]

R2 PAVFNSVR;Panda Function Service;c:\program files\panda software\panda antivirus + firewall 2007\PavFnSvr.exe [2007-6-19 173616]

R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2007-6-19 170800]

R2 PAVSRV;Panda anti-virus service;c:\program files\panda software\panda antivirus + firewall 2007\PAVSRV51.EXE [2007-6-19 136752]

R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [2007-12-26 21808]

R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]

R3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\drivers\comfiltr.sys --> c:\windows\system32\drivers\COMFiltr.sys [?]

R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2009-10-10 18864]

R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\drivers\netimflt.sys [2007-6-19 141872]

R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]

R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]

S0 auwye;auwye;c:\windows\system32\drivers\wmqrrg.sys --> c:\windows\system32\drivers\wmqrrg.sys [?]

S0 ekuy;ekuy;c:\windows\system32\drivers\yjukmlda.sys --> c:\windows\system32\drivers\yjukmlda.sys [?]

S0 jgcrt;jgcrt;c:\windows\system32\drivers\hkwsq.sys --> c:\windows\system32\drivers\hkwsq.sys [?]

S0 vkxk;vkxk;c:\windows\system32\drivers\lpupbj.sys --> c:\windows\system32\drivers\lpupbj.sys [?]

S0 weypy;weypy;c:\windows\system32\drivers\tljvabdx.sys --> c:\windows\system32\drivers\tljvabdx.sys [?]

S0 ziqmmohm;ziqmmohm;c:\windows\system32\drivers\vfdg.sys --> c:\windows\system32\drivers\vfdg.sys [?]

S1 ShldDrv;Panda File Shield Driver; [x]

S2 gupdate1c9a42145c8dcfc;Google Update Service (gupdate1c9a42145c8dcfc);c:\program files\google\update\GoogleUpdate.exe [2009-3-13 133104]

S2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda software\pavshld\PavPrSrv.exe [2006-2-5 41520]

S3 DSCVc;Video Capture;c:\windows\system32\drivers\CoachVc.sys [2007-12-26 44256]

============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*

VBEFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*

VBSFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*

=============== Created Last 30 ================

2010-02-28 21:37:55 0 ----a-w- c:\documents and settings\compaq_owner\defogger_reenable

2010-02-21 03:50:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-02-21 03:38:35 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-02-21 03:37:05 0 d-----w- c:\program files\Lavasoft

2010-02-01 02:46:04 0 d-----w- c:\windows\NOS

2010-02-01 02:45:57 4096 ----a-w- c:\windows\~DF27BD.tmp

==================== Find3M ====================

2010-02-28 19:38:04 405864 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck

2010-02-28 19:38:04 405864 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT

2010-02-28 17:52:49 1224 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck

2010-02-28 17:52:49 1224 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG

2010-02-21 03:50:10 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-02-21 00:03:35 45144 -c--a-w- c:\docume~1\compaq~1\applic~1\GDIPFONTCACHEV1.DAT

2010-02-04 15:53:02 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll

2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll

2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-04-13 17:01:37 108 ----a-w- c:\program files\rpvfev.txt

2005-11-28 02:09:45 774144 -c--a-w- c:\program files\RngInterstitial.dll

2005-11-22 01:34:50 936 ----a-w- c:\program files\Shortcut (2) to HijackThis.lnk

2005-11-22 01:34:44 936 ----a-w- c:\program files\Shortcut to HijackThis.lnk

2008-09-28 02:36:02 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat

2008-09-28 02:36:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat

2008-09-28 02:34:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092720080928\index.dat

2008-09-28 02:36:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 15:40:55.67 ===============

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
