Jump to content

Pretty bad infection.


Recommended Posts

I managed to run MBAM, Avira and DDS, but whenever I run GMER, my system freezes and I have to manually turn off the computer (Yeah I'm aware that's bad). Here are the logs I managed to obtain:

DDS

DDS (Ver_10-11-10.01) - NTFSx86

Run by Compaq_Administrator at 21:30:22.87 on Wed 11/24/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.89 [GMT -5:00]

AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Verizon Internet Security Suite Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\ARPWRMSG.EXE

C:\Program Files\Verizon\VSP\VerizonServicepoint.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = http=127.0.0.1:50370

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\verizon\verizon internet security suite\pkR.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 4.0\aoltb.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll

BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 4.0\aoltb.dll

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll

IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 4.0\aoltb.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab

DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - hxxp://fpdownload2.macrom

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.