Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected with dr gaurd windows xp security center


  • This topic is locked This topic is locked
4 replies to this topic

#1 bippes

bippes

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:33 PM

Posted 04 March 2010 - 12:21 PM

V: Dr. Guard *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: a-squared Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
c:\program files\intel\intel matrix storage manager\iaanotif .exe
c:\program files\hp digitalmedia archive\dmascheduler .exe
c:\program files\hp\hp software update\hpwuschd2 .exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\A9ZXEH1J\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [<NO NAME>]
mRun: [PCDrProfiler]

BC AdBot (Login to Remove)

 


#2 bippes

bippes
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:33 PM

Posted 04 March 2010 - 12:32 PM

further details:
Cannot open GMER
tried to run
ran avira and spybot in safe mode removed a bunch of different spyware,malware,
cannot open files without it asking me for the appropriate program, got in way over my head and posted here.

#3 bippes

bippes
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:33 PM

Posted 05 March 2010 - 10:25 AM

My computer is going down hill fast. I do not want to do anything for fear of making it worse. Internet very slow now, cannot open files missing rundll, the original malware is not popping up, but I am very concerned PLEASE HELP ME

#4 bippes

bippes
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:33 PM

Posted 05 March 2010 - 02:11 PM

well I could not resist. problems seem to be taken care of. I don not know how to end topic or wether I should do a new log and ask for review of it. So much helpful info here, Thanks for checking out my post.

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:33 PM

Posted 07 March 2010 - 08:27 PM

Thanks for letting us know thumbup2.gif

-----------------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users