
Super smart virus



I never have a problem getting rid of issues with my comp. I google the answers and always get results.

Until now....

I have done everything on every forum and nothing works. So, I went through the steps posted on this forum in order to post my own topic.

Let me first say:

I cannot run ANY scanner. I can download or install anything, but when I go to scan it either scans for 1 or 2 seconds and shuts off or doesn't scan in the first place.

I downloaded the Avira suggested on this forum and it keeps popping up: Malware found 'TR/Spy.507904.63' was found in file 'C:\\WINDOWS\system32\winlogon.exe' Access to this file was denied. Please select a further action. I choose remove, but it won't remove. It pops up repeatedly. I cannot scan with the antivirus. I have tried everything in normal mode and safe mode. It's the same regardless. I have used rkill.exe, the 'remove fake antivirus.exe', 'TDSSKiller.exe', and another rootkit program that was suggested on one of these types of forums.

I was only able to get the DDS.txt and the attach.txt from the suggestions on this forum. The other two programs will not run for me.

Here is my DDS log:

DDS (Ver_10-10-21.02) - NTFSx86

Run by DELA Family at 10:36:53.82 on Mon 10/25/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.993 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

"\\.\globalroot\Device\svchost.exe\svchost.exe"

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\lxducoms.exe

c:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

"C:\WINDOWS\system32\svchost.exe"

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\DELA Family\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =

uWindow Title = Microsoft Internet Explorer provided by MyDELA

uSearch Bar =

mSearchAssistant =

uURLSearchHooks: WeFiBar Toolbar: {0b876028-b388-4f6d-922f-f52faec8535f} - c:\program files\wefibar\tbWeF1.dll

mURLSearchHooks: H - No File

BHO: WeFiBar Toolbar: {0b876028-b388-4f6d-922f-f52faec8535f} - c:\program files\wefibar\tbWeF1.dll

BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No File

BHO: Dictionary.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: WeFiBar Toolbar: {0b876028-b388-4f6d-922f-f52faec8535f} - c:\program files\wefibar\tbWeF1.dll

TB: Dictionary.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

uRun: [Anders Kjersem: TransBar] c:\program files\anders kjersem\transbar\TransBar.exe /NoConfig

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

uPolicies-explorer: NoWinKeys = 1 (0x1)

uPolicies-explorer: NoStartMenuNetworkPlaces = 1 (0x1)

uPolicies-explorer: NoSMBalloonTip = 1 (0x1)

uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

uPolicies-explorer: NoWelcomeScreen = 1 (0x1)

uPolicies-explorer: RestrictCpl = 1 (0x1)

uPolicies-disallowrun: 1 = a4apanel.exe

uPolicies-disallowrun: 2 = abc.exe

uPolicies-disallowrun: 3 = aim.exe

uPolicies-disallowrun: 4 = aim10.exe

uPolicies-disallowrun: 5 = aim6.exe

uPolicies-disallowrun: 6 = aim7.exe

uPolicies-disallowrun: 7 = aim8.exe

uPolicies-disallowrun: 8 = aim9.exe

uPolicies-disallowrun: 9 = aimpro.exe

uPolicies-disallowrun: 10 = alexainstaller.exe

uPolicies-disallowrun: 11 = antivirusgolden 4.0.exe

uPolicies-disallowrun: 12 = anydvd.exe

uPolicies-disallowrun: 13 = ares.exe

uPolicies-disallowrun: 14 = arotrial.exe

uPolicies-disallowrun: 15 = asum.exe

uPolicies-disallowrun: 16 = avd.exe

uPolicies-disallowrun: 17 = avg_install.exe

uPolicies-disallowrun: 18 = azureus vuze.exe

uPolicies-disallowrun: 19 = azureus.exe

uPolicies-disallowrun: 20 = bearshare.exe

uPolicies-disallowrun: 21 = bitcomet.exe

uPolicies-disallowrun: 22 = bittorrent.exe

uPolicies-disallowrun: 23 = bndloader.exe

uPolicies-disallowrun: 24 = bootsafe.exe

uPolicies-disallowrun: 25 = bootstrap.exe

uPolicies-disallowrun: 26 = ca.exe

uPolicies-disallowrun: 27 = ca_setup.exe

uPolicies-disallowrun: 28 = cain.exe

uPolicies-disallowrun: 29 = chatserver.exe

uPolicies-disallowrun: 30 = Chunnel.exe

uPolicies-disallowrun: 31 = cmd.bat

uPolicies-disallowrun: 32 = codecaddon1169[1].exe

uPolicies-disallowrun: 33 = command.bat

uPolicies-disallowrun: 34 = compmgmt.msc

uPolicies-disallowrun: 35 = counterspy.exe

uPolicies-disallowrun: 36 = daemon.exe

uPolicies-disallowrun: 37 = dlm.exe

uPolicies-disallowrun: 38 = dlminstaller_2.2.2.89.exe

uPolicies-disallowrun: 39 = downloaderEXE.exe

uPolicies-disallowrun: 40 = dvdmf.exe

uPolicies-disallowrun: 41 = dvdvr.exe

uPolicies-disallowrun: 42 = easyclea.exe

uPolicies-disallowrun: 43 = edonkey.exe

uPolicies-disallowrun: 44 = em2.exe

uPolicies-disallowrun: 45 = emule.exe

uPolicies-disallowrun: 46 = entertainment.exe

uPolicies-disallowrun: 47 = fdm.exe

uPolicies-disallowrun: 48 = fdminst.exe

uPolicies-disallowrun: 49 = fgf173.exe

uPolicies-disallowrun: 50 = flashget.exe

uPolicies-disallowrun: 51 = flashget188en.exe

uPolicies-disallowrun: 52 = frostwire.exe

uPolicies-disallowrun: 53 = frostwire-4.13.3.windows.exe

uPolicies-disallowrun: 54 = fulltiltsetup.exe

uPolicies-disallowrun: 55 = fx-install.exe

uPolicies-disallowrun: 56 = gameconsole-wildgames.exe

uPolicies-disallowrun: 57 = gdonkey.exe

uPolicies-disallowrun: 58 = gnucleus.exe

uPolicies-disallowrun: 59 = gnucleus_2.0.2.0.exe

uPolicies-disallowrun: 60 = googledesktopsetup.exe

uPolicies-disallowrun: 61 = googletalk.exe

uPolicies-disallowrun: 62 = googletalk-setup.exe

uPolicies-disallowrun: 64 = HJTinstall.exe

uPolicies-disallowrun: 65 = icq.exe

uPolicies-disallowrun: 66 = ie5setup.exe

uPolicies-disallowrun: 67 = ie6setup.exe

uPolicies-disallowrun: 68 = ie7setup.exe

uPolicies-disallowrun: 69 = ie7setup_g.exe

uPolicies-disallowrun: 70 = ie7setup_mail.exe

uPolicies-disallowrun: 71 = ieDefender.exe

uPolicies-disallowrun: 72 = imesh.exe

uPolicies-disallowrun: 73 = imvuclient.exe

uPolicies-disallowrun: 74 = insaniquariumsetup.exe

uPolicies-disallowrun: 75 = install_aim.exe

uPolicies-disallowrun: 76 = install_aim_4.8.2790.exe

uPolicies-disallowrun: 77 = install_aim59.exe

uPolicies-disallowrun: 78 = install_messenger.exe

uPolicies-disallowrun: 79 = insticq.exe

uPolicies-disallowrun: 80 = Internet gamebox.exe

uPolicies-disallowrun: 81 = iplayer.exe

uPolicies-disallowrun: 82 = ipwins.exe

uPolicies-disallowrun: 83 = isamntr.exe

uPolicies-disallowrun: 84 = ismmodule2.exe

uPolicies-disallowrun: 85 = john-386.exe

uPolicies-disallowrun: 86 = kazaa.exe

uPolicies-disallowrun: 87 = kazaa_setup.exe

uPolicies-disallowrun: 88 = klite.exe

uPolicies-disallowrun: 89 = krl1008.exe

uPolicies-disallowrun: 90 = lcp.exe

uPolicies-disallowrun: 91 = lcp504en.exe

uPolicies-disallowrun: 92 = limewire.exe

uPolicies-disallowrun: 93 = limewirein.exe

uPolicies-disallowrun: 94 = luckyremindersetup.exe

uPolicies-disallowrun: 95 = maketorrent.exe

uPolicies-disallowrun: 96 = mangoencoderTL_R.exe

uPolicies-disallowrun: 97 = MediaMonkey.exe

uPolicies-disallowrun: 98 = minibuninstaller.exe

uPolicies-disallowrun: 99 = mixcraft.exe

uPolicies-disallowrun: 100 = morpheus.exe

uPolicies-disallowrun: 101 = Morpheusultra54b.exe

uPolicies-disallowrun: 102 = msgr6us.exe

uPolicies-disallowrun: 103 = msgr7us.exe

uPolicies-disallowrun: 104 = msgr7us[1].exe

uPolicies-disallowrun: 105 = msgr8us.exe

uPolicies-disallowrun: 106 = msgr8us[1].exe

uPolicies-disallowrun: 107 = msiexec.exe

uPolicies-disallowrun: 108 = msnmsgs.msi

uPolicies-disallowrun: 109 = mymorpheustoolbar.exe

uPolicies-disallowrun: 110 = myspaceim.exe

uPolicies-disallowrun: 111 = myspaceim_setup.exe

uPolicies-disallowrun: 112 = mysurveymessenger.exe

uPolicies-disallowrun: 113 = nero.exe

uPolicies-disallowrun: 114 = nerovision.exe

uPolicies-disallowrun: 115 = netmon.exe

uPolicies-disallowrun: 116 = netset.exe

uPolicies-disallowrun: 117 = netsetclient.exe

uPolicies-disallowrun: 118 = pacificpoker.exe

uPolicies-disallowrun: 119 = partypokersetup.exe

uPolicies-disallowrun: 120 = phex.exe

uPolicies-disallowrun: 121 = phex_2.0.2.76.exe

uPolicies-disallowrun: 122 = plaxioietlbrinstallnt.exe

uPolicies-disallowrun: 123 = play89.exe

uPolicies-disallowrun: 124 = playlink.exe

uPolicies-disallowrun: 125 = playlink.msi

uPolicies-disallowrun: 126 = pmmnt.exe

uPolicies-disallowrun: 127 = pmsnrr.exe

uPolicies-disallowrun: 128 = pokerstarsinstall.exe

uPolicies-disallowrun: 129 = poweriso.exe

uPolicies-disallowrun: 130 = powertoysetup.exe

uPolicies-disallowrun: 131 = qbeez2setup.exe

uPolicies-disallowrun: 132 = qualitycodec.589.exe

uPolicies-disallowrun: 133 = realarcade ci stub.exe

uPolicies-disallowrun: 134 = recode.exe

uPolicies-disallowrun: 135 = regclean.exe

uPolicies-disallowrun: 136 = rhapsodyinstaller.exe

uPolicies-disallowrun: 137 = rhapsodyplayerengine_inst_win_oem.msi

uPolicies-disallowrun: 138 = rminstall.exe

uPolicies-disallowrun: 139 = rnarcade.exe

uPolicies-disallowrun: 140 = sau.exe

uPolicies-disallowrun: 141 = sau101en.exe

uPolicies-disallowrun: 142 = sb11ieaddonsetup.exe

uPolicies-disallowrun: 143 = sc.exe

uPolicies-disallowrun: 144 = sc_setup.exe

uPolicies-disallowrun: 145 = sdsetup.exe

uPolicies-disallowrun: 146 = searchbar11full.exe

uPolicies-disallowrun: 147 = searchbar11min.exe

uPolicies-disallowrun: 148 = seekmo.exe

uPolicies-disallowrun: 149 = setup1.exe

uPolicies-disallowrun: 150 = setupsearchbar.exe

uPolicies-disallowrun: 151 = sfinstall.exe

uPolicies-disallowrun: 152 = shareaza.exe

uPolicies-disallowrun: 153 = Silverlight.1.0.exe

uPolicies-disallowrun: 154 = sinstaller.exe

uPolicies-disallowrun: 155 = sinstaller2.exe

uPolicies-disallowrun: 156 = skin.exe

uPolicies-disallowrun: 157 = spchapi.exe

uPolicies-disallowrun: 158 = spydawn.exe

uPolicies-disallowrun: 159 = spyhunter.exe

uPolicies-disallowrun: 160 = spyhunter-detection-utility.exe

uPolicies-disallowrun: 161 = spylocked 3.1.exe

uPolicies-disallowrun: 162 = spylocked 3.6.exe

uPolicies-disallowrun: 163 = spylocked 3.7.exe

uPolicies-disallowrun: 164 = spylocked 3.8.exe

uPolicies-disallowrun: 165 = spylocked 3.9.exe

uPolicies-disallowrun: 166 = spylocked 4.0.exe

uPolicies-disallowrun: 167 = spylocked 4.1.exe

uPolicies-disallowrun: 168 = spylocked 4.2.exe

uPolicies-disallowrun: 169 = spylocked 4.3.exe

uPolicies-disallowrun: 170 = spylocked.exe

uPolicies-disallowrun: 171 = spy-locked.exe

uPolicies-disallowrun: 172 = spysheriff.exe

uPolicies-disallowrun: 173 = spyshredder.exe

uPolicies-disallowrun: 174 = spysweeper.exe

uPolicies-disallowrun: 175 = spyware_quake.exe

uPolicies-disallowrun: 176 = spywarelock.exe

uPolicies-disallowrun: 177 = spywarelocked 3.2.exe

uPolicies-disallowrun: 178 = spywarelocked 3.3.exe

uPolicies-disallowrun: 179 = spywarelocked 3.4.exe

uPolicies-disallowrun: 180 = spywarelocked 3.5.exe

uPolicies-disallowrun: 181 = spywarelocked.exe

uPolicies-disallowrun: 182 = spywarequake.exe

uPolicies-disallowrun: 183 = spywarequakeinstaller.exe

uPolicies-disallowrun: 184 = steaminstaller.msi

uPolicies-disallowrun: 185 = STOPzilla_setup.exe

uPolicies-disallowrun: 186 = swapper.exe

uPolicies-disallowrun: 187 = swappersetup.exe

uPolicies-disallowrun: 188 = swdoctor.exe

uPolicies-disallowrun: 189 = swq.exe

uPolicies-disallowrun: 190 = systemdefender_installer.exe

uPolicies-disallowrun: 191 = thelounge-setup.exe

uPolicies-disallowrun: 192 = theweatherchannel_dw5_stubweather5.exe

uPolicies-disallowrun: 193 = tmksrvu.exe

uPolicies-disallowrun: 194 = toolbar.exe

uPolicies-disallowrun: 195 = trillian.exe

uPolicies-disallowrun: 196 = turbobt.exe

uPolicies-disallowrun: 197 = ucleaner.exe

uPolicies-disallowrun: 198 = UltimateCleaner_Installer.exe

uPolicies-disallowrun: 199 = urge.exe

uPolicies-disallowrun: 200 = urge_release_1.1.6090.0.exe

uPolicies-disallowrun: 201 = urgems.exe

uPolicies-disallowrun: 202 = urgesetup.exe

uPolicies-disallowrun: 203 = utorrent.exe

uPolicies-disallowrun: 204 = virtualvillagers.exe

uPolicies-disallowrun: 205 = virusbusters.exe

uPolicies-disallowrun: 206 = vray.exe

uPolicies-disallowrun: 207 = vray_setup.exe

uPolicies-disallowrun: 208 = wcreator.exe

uPolicies-disallowrun: 209 = weather.exe

uPolicies-disallowrun: 210 = webpalyerconfig.exe

uPolicies-disallowrun: 211 = whse.exe

uPolicies-disallowrun: 212 = winamp.exe

uPolicies-disallowrun: 213 = winmx music.exe

uPolicies-disallowrun: 214 = winmx.exe

uPolicies-disallowrun: 215 = wlttoolbarsetup.exe

uPolicies-disallowrun: 216 = wmcsetup_en.exe

uPolicies-disallowrun: 217 = wowclient-downloader.exe

uPolicies-disallowrun: 218 = wtlib.exe

uPolicies-disallowrun: 219 = xolox.exe

uPolicies-disallowrun: 220 = yahoomessenger.exe

uPolicies-disallowrun: 221 = ymsgr6us.exe

uPolicies-disallowrun: 222 = ymsgr7us.exe

uPolicies-disallowrun: 223 = ymsgr8us.exe

uPolicies-disallowrun: 224 = ypdater.exe

uPolicies-disallowrun: 225 = zango easy messenger.exe

uPolicies-disallowrun: 226 = zango.exe

uPolicies-disallowrun: 227 = zango.im installer79.exe

uPolicies-disallowrun: 228 = zangogotbinstaller.exe

uPolicies-disallowrun: 229 = zwinkysetup2.2.60.0.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: mswsock.dll

DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193667381687

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.21.01.0/iewwload.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\delafa~1\applic~1\mozilla\firefox\profiles\3izz7cut.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1682929&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - prefs.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\dela family\application data\mozilla\firefox\profiles\3izz7cut.default\extensions\{0b876028-b388-4f6d-922f-f52faec8535f}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\dela family\application data\mozilla\firefox\profiles\3izz7cut.default\extensions\{0b876028-b388-4f6d-922f-f52faec8535f}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\dela family\application data\mozilla\firefox\profiles\3izz7cut.default\extensions\{51ef49d2-624b-4194-8b97-1c468e9b0efe}\components\Engine.dll

FF - component: c:\documents and settings\dela family\application data\mozilla\firefox\profiles\3izz7cut.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\dela family\application data\mozilla\firefox\profiles\3izz7cut.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\dela family\application data\mozilla\firefox\profiles\3izz7cut.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll

FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\dela family\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - HiddenExtension: LoudMo Contextual Ad Assistant: No Registry Reference - c:\program files\mozilla firefox\extensions\{e597d48d-11c5-5f88-892f-76a8ffc32a4b}

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Search

FF - user.js: browser.search.order.1 - Search

FF - user.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.search-clsid", "{7080AFC3-9546-453A-9AA1-83DC25378D62}");

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-10-25 11608]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-25 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-25 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-25 60936]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]

R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-1-26 108032]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 554344]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 211432]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]

R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2009-9-28 11696]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-9-3 6104144]

S2 cvhsvc;Client Virtualization Handler;"c:\program files\common files\microsoft shared\virtualization handler\cvhsvc.exe" --> c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-7 133104]

S2 KMService;KMService;c:\windows\system32\srvany.exe --> c:\windows\system32\srvany.exe [?]

S2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2007-11-21 6016]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-2-2 30192]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]

S3 NDISKIO;NDISKIO;c:\docume~1\delafa~1\locals~1\temp\0000078d.nmc\nse\bin\ndiskio.sys [2010-10-24 24168]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WefiEngSvc;WeFi Engine Service;c:\program files\wefi\WefiEngSvc.exe [2010-5-25 137560]

S4 vsdatant;vsdatant;a --> a [?]

=============== Created Last 30 ================

2010-10-25 14:10:21 -------- d-----w- c:\docume~1\delafa~1\applic~1\Avira

2010-10-25 13:14:37 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-10-25 13:14:37 -------- d-----w- c:\program files\Avira

2010-10-25 13:14:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-10-25 03:12:05 -------- d-----w- c:\program files\Sophos

2010-10-25 00:57:09 -------- d-----w- c:\docume~1\delafa~1\applic~1\SUPERAntiSpyware.com

2010-10-25 00:57:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-10-25 00:56:26 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-10-24 19:13:38 -------- d-----w- C:\TDSSKiller_Quarantine

2010-10-24 19:11:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-24 19:11:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-24 18:54:52 77912 ----a-w- c:\windows\system32\drivers\klmdb.sys

2010-10-24 17:07:11 53248 ----a-w- c:\windows\system32\6to4v32.dll

2010-10-24 13:11:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-24 12:54:37 -------- d-----w- c:\program files\Kill

2010-10-24 02:50:38 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files

2010-10-24 02:33:25 -------- d-----w- c:\docume~1\delafa~1\applic~1\AVG10

2010-10-24 02:31:05 -------- d-----w- c:\windows\system32\drivers\AVG

2010-10-24 02:31:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2010-10-24 02:30:47 -------- d-----w- c:\program files\AVG

2010-10-24 01:28:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2010-10-24 00:29:24 4810 ----a-w- c:\windows\system32\tmp.reg

2010-10-23 23:46:35 1409 ----a-w- c:\windows\QTFont.for

2010-10-23 03:49:10 20480 ----a-w- c:\windows\system32\hidserv.dll

2010-10-23 02:22:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan

2010-10-23 02:22:01 -------- d-----w- c:\program files\Security Task Manager

2010-10-22 05:04:59 204 ----a-w- c:\docume~1\delafa~1\applic~1\16285.bat

2010-10-22 05:04:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\WSTB

2010-10-22 05:04:11 -------- d-----w- c:\docume~1\delafa~1\applic~1\776380080E500FB6A5AAC453149F44B4

2010-10-20 04:44:06 -------- d-----w- c:\program files\Microsoft Synchronization Services

2010-10-20 04:39:14 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2010-10-20 04:38:32 -------- d-----w- c:\program files\Microsoft Analysis Services

2010-10-20 03:33:24 -------- d-----w- c:\program files\DAEMON Tools Lite

2010-10-20 02:53:29 -------- d-----w- c:\program files\DAEMON Tools Toolbar

2010-10-20 02:53:24 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-10-20 02:52:06 -------- d-----w- c:\docume~1\delafa~1\applic~1\DAEMON Tools Lite

2010-10-20 02:52:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite

2010-10-14 21:08:36 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-14 21:08:36 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-14 21:08:27 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-05 02:04:11 -------- d-----w- c:\docume~1\delafa~1\locals~1\applic~1\Sony

2010-10-05 01:56:19 -------- d-----w- c:\program files\Sony

2010-09-30 20:06:10 171520 ----a-w- c:\windows\blobber.scr

2010-09-29 20:02:36 383476 ----a-w- c:\documents and settings\all users\SPL29E.tmp

2010-09-29 20:01:46 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol500.dll

2010-09-29 20:01:46 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol400.dll

2010-09-29 20:01:46 -------- d-----w- c:\docume~1\delafa~1\applic~1\Catalina Marketing Corp

2010-09-27 15:25:07 89088 ----a-w- c:\windows\system32\atl71.dll

2010-09-27 15:24:16 -------- d-----w- c:\program files\IObit

2010-09-27 15:24:16 -------- d-----w- c:\docume~1\delafa~1\applic~1\IObit

2010-09-27 15:23:52 -------- d-----w- c:\docume~1\delafa~1\applic~1\iComment

2010-09-27 15:23:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\iComment

2010-09-27 15:23:46 -------- d-----w- c:\docume~1\delafa~1\applic~1\Rubar-Toolbar

2010-09-27 15:22:33 -------- d-----w- c:\program files\The Weather Channel FW

2010-09-27 15:22:24 -------- d-----w- c:\docume~1\delafa~1\locals~1\applic~1\The Weather Channel

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ------w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-09 17:53:00 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll

2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec

2010-09-07 16:42:21 398744 ----a-r- c:\windows\system32\cpnprt2.cid

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2008-04-14 00:12:28 60416 -csha-w- c:\windows\bricopacks\sysfiles\80_msimn.exe

============= FINISH: 10:38:56.09 ===============

Thank you in advance for your response


Looks like you're running 2 anti-virus programs.

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will seriously decrease its reliability!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also, because more than one installed Antivirus and Firewall are not compatible with each other, they can cause system performance problems and a serious system slowdown.

Please do not delete anything unless instructed to.

1. Click Start > Settings > Control Panel.

2. Next, open Add/Remove Programs and remove either:

avg10

Avira

Reboot, and also please describe how your computer behaves at the moment.


AVG is not installed in my computer. It never would fully let me install it. It gave me an error at the last stage. It's not in my add/remove programs list or anywhere else, so I don't know why it's showing up. However, I deleted Avira and rebooted. It's still acting the same way.


http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


I ran the ESET scanner. After it was done, I tried to open the log to copy and paste, but my computer was frozen. I restarted the comp and haven't been able to get it to come on since. I have tried safe mode, safe mode with networking, last known configuration; it doesn't matter what I do, the computer will not start up. Occasionally I get an error that pops up:

c00002a Fatal System Error

I am on another computer responding to this because I can't figure out what to do with that computer.


If it won't start up, then your only choice might be a system repair / install.

http://forums.malwarebytes.org/index.php?showtopic=61918

Well, I lost everything. I wish I had backed up all of my stuff before I came on here for advice. Not that anyone on here did anything wrong, but I was unable to even start my computer after I tried this. At least before I could get on, I just had an awful virus.

Anyone having this problem, PLEASE BACK UP YOUR SYSTEM BEFORE TAKING THESE STEPS!!!!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
