
Enterprise Suite


  • This topic is locked
2 replies to this topic

#1 vic457

  • Members
  • 5 posts

Posted 28 November 2009 - 12:06 PM

RootRepeal will not run ... memory low.


This computer shows that it has AV and FW


I want to install AVG.


DDS (Ver_09-11-24.02) - NTFSx86
Run by Preschool at 6:16:30.69 on Sat 11/28/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.217 [GMT -6:00]

AV: Enterprise Suite *On-access scanning enabled* (Updated) {1ED39ED7-08A3-4E29-8DAC-5D10956F61A3}
FW: Enterprise Suite *enabled* {FF6B533C-4F16-43D9-BBC2-927BCFFAC6CA}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Preschool\Desktop\dds.scr

============== Pseudo HJT Report ===============

mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\13645.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Search
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {105C4322-CB93-11D4-9839-00C0F0214711} - hxxp://www.thelearningdestination.com/Student/content//sections//Chpt%201%20Challenging%20Behaviors/chpt%201-challenging%20behaviors/resources/JFWAPICtrl.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://aol.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxps://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} - hxxp://www.gamehouse.com/ghdlctl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38159.5938657407
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\aaa\rootkit stuff\sysprot\SysProtDrv.sys [2009-11-27 44288]

=============== Created Last 30 ================

2009-11-28 11:45:15 98816 ----a-w- c:\windows\sed.exe
2009-11-28 11:45:15 77312 ----a-w- c:\windows\MBR.exe
2009-11-28 11:45:15 260608 ----a-w- c:\windows\PEV.exe
2009-11-28 11:45:15 161792 ----a-w- c:\windows\SWREG.exe
2009-11-28 11:44:12 389120 ----a-w- c:\windows\system32\CF11568.exe
2009-11-28 02:13:20 0 d-----w- c:\windows\system32\NtmsData
2009-11-28 01:56:56 0 d-----w- c:\program files\Windows Resource Kits
2009-11-27 21:45:26 0 d-----w- c:\documents and settings\preschool\DoctorWeb
2009-11-27 19:47:27 0 d-----w- C:\$AVG
2009-11-27 14:58:07 0 d-sh--w- c:\documents and settings\preschool\IECompatCache
2009-11-27 14:57:51 0 d-sh--w- c:\documents and settings\preschool\PrivacIE
2009-11-27 14:12:16 0 d-----w- c:\windows\system32\scripting
2009-11-27 14:12:14 0 d-----w- c:\windows\l2schemas
2009-11-27 14:12:13 0 d-----w- c:\windows\system32\en
2009-11-27 14:07:43 0 d-----w- c:\windows\network diagnostic
2009-11-27 13:31:15 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-27 13:31:05 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-27 13:31:05 0 d-----w- c:\docume~1\presch~1\applic~1\SUPERAntiSpyware.com
2009-11-27 13:30:50 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-27 13:26:42 0 d-sh--w- c:\documents and settings\preschool\IETldCache
2009-11-27 13:23:59 92160 -c--a-w- c:\windows\system32\dllcache\iecompat.dll
2009-11-27 13:23:31 0 d-----w- c:\windows\ie8updates
2009-11-27 13:22:58 12800 -c--a-w- c:\windows\system32\dllcache\xpshims.dll
2009-11-27 13:22:57 594432 -c--a-w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-27 13:22:57 55296 -c--a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-27 13:22:57 246272 -c--a-w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-27 13:22:57 1985536 -c--a-w- c:\windows\system32\dllcache\iertutil.dll
2009-11-27 13:22:56 11069440 -c--a-w- c:\windows\system32\dllcache\ieframe.dll
2009-11-27 13:21:08 0 dc-h--w- c:\windows\ie8
2009-11-26 22:58:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-26 22:58:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 22:58:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-26 22:51:06 0 d-----w- c:\windows\system32\appmgmt
2009-11-26 22:27:14 0 d-----w- C:\Load-CF
2009-11-26 22:05:42 0 d-----w- C:\aaa
2009-11-02 19:10:34 7476 ----a-w- c:\windows\system32\winsocx.dat
2009-11-02 19:10:33 3876 ----a-w- c:\windows\system32\snmpsnal.dat
2009-11-02 19:10:33 0 ----a-w- c:\windows\system32\xmlpqov.dat
2009-11-02 15:17:04 61 ----a-w- c:\windows\system32\mstankpl.dat
2009-11-02 15:17:04 317 ----a-w- c:\windows\system32\wmiprap.dat
2009-11-02 15:17:04 130 ----a-w- c:\windows\system32\extszbl.dat
2009-11-02 15:17:04 0 ----a-w- c:\windows\system32\ipsmonap.dat

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 02:53:20 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll

============= FINISH: 6:17:33.00 ===============

Edited by vic457, 28 November 2009 - 12:08 PM.


#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 05 December 2009 - 06:08 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#3 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 10 December 2009 - 05:33 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE