Jump to content

XP Antimalware got me

Recommended Posts

I have gotten XP Antimalware 2010. I have updated my malwarebytes and scanned with no success. I have also scan with my NOD32 & had no success. Please assist me in removing this. Normally any issues i run across, malwarebytes is my first toll "I use to remove. This one is very tricky as it has not been found. Also while scanning my system in safe mode, after about 5 min. or so , my internet connection fails to connect until I reboot again into safe mode. When booting into windows, this XP antimalware 2010 pops up before any icons, and I cannot do anything in "normal" windows. Please assist if possible. My DDS.txt is below.

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK

Run by Administrator at 19:58:26.12 on Tue 03/16/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1716 [GMT -4:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch


C:\WINDOWS\system32\svchost.exe -k netsvcs




C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.rr.com

BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll

uRunOnce: [NeroHomeFirstStart] "c:\program files\common files\ahead\lib\NMFirstStart.exe"

mRun: [s3Trayp] S3trayp.exe

mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE

mRun: [Zone Labs Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: c:\windows\system32\imon.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247363296217

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\763vcb9d.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.rr.com/

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}


c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2009-7-11 16896]

R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2009-7-11 52224]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-7-26 392824]

S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-7-11 13696]

S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-7-12 15424]

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 66632]

S2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-7-12 549256]

S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

S3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [2006-11-21 203264]

S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2007-7-11 714240]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872]

=============== Created Last 30 ================

2010-03-16 23:53:01 0 ----a-w- c:\documents and settings\administrator\defogger_reenable

2010-03-16 21:52:42 0 d-sha-r- C:\cmdcons

2010-03-16 21:51:43 98816 ----a-w- c:\windows\sed.exe

2010-03-16 21:51:43 77312 ----a-w- c:\windows\MBR.exe

2010-03-16 21:51:43 261632 ----a-w- c:\windows\PEV.exe

2010-03-16 21:51:43 161792 ----a-w- c:\windows\SWREG.exe

2010-03-16 02:52:35 0 d-sh--w- c:\documents and settings\administrator\PrivacIE

2010-03-11 17:39:11 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cac141c27affda.mof

2010-03-10 06:48:44 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-03-11 17:49:56 2568 --sha-w- c:\windows\system32\KGyGaAvL.sys

2010-01-05 12:19:05 4212 ---h--w- c:\windows\system32\zllictbl.dat

2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll

============= FINISH: 19:58:58.51 ===============


Link to post
Share on other sites

Additional info as well. I attempted to restore the PC to a previous date also with no success.

My malwarebytes log is below.

Malwarebytes' Anti-Malware 1.44

Database version: 3874

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

3/16/2010 7:46:56 PM

mbam-log-2010-03-16 (19-46-56).txt

Scan type: Quick Scan

Objects scanned: 126763

Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.