Infected with AV Security Suite


This topic is locked
1 reply to this topic

#1 itswhitebear

  • Members
  • 2 posts

Posted 08 June 2010 - 03:08 PM

Hi there. I'm having problems with my PC and this virus. I used MBAM to scan for the virus, and it even deleted it. But now when I log back on, I keep getting the popups and alerts from AVSS. I really want to be able to get rid of this, but I'm not exactly computer-savvy. I have a feeling I did something wrong when the MBAM scan was finished, but I'm not sure, so I'll go along with this for now.

I have been using Debugging Mode from the F8 Menu for the past few months (due to a different, but unrelated problem), so that has been all anyone has been using while on this PC (this post included).

I am using a Gateway PC (unsure of the model), with Pentium 4 CPU, and Windows XP Home Edition Version 2002, with Service Pack 3.

I did manage to get a DDS scan, but the computer rebooted itself when I tried to run a GMER scan, and I couldn't save a log of it. I am including the DDS and Attach.txt files.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Michael at 10:47:02.83 on Tue 06/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.92 [GMT -7:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Outdated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning enabled* (Outdated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\Update.exe
C:\Documents and Settings\Michael\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://mail.google.com/mail/h/1l6b71j0jk70d/?shva=1&zy=g&f=1
uDefault_Page_URL = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:pers-abpmu-1760051754@craigslist.org?subject=Don't%20you%20hate%20it%20when...%20-%2022%20(sacramento)&body=%0A%0Ahttp%3A%2F%2Fsacramento.craigslist.org%2Fw4m%2F1760051754.html%0A
uInternet Settings,ProxyServer = http=127.0.0.1:1040
uInternet Settings,ProxyOverride = <local>
mSearchAssistant =
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: JSLoader Class: {7d30f20a-5577-4c73-8d9b-ab1ede8dc94b} - c:\documents and settings\emilia\application data\facebookstyleie\FaceBookBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [gkljsoyt] "c:\documents and settings\michael\local settings\application data\pbquhds\onoihdp.exe"
uRunOnce: [Shockwave Updater] "c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE" -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FBSMTWB; .NET CLR 1.1.4322; IEMB3; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; msn OptimizedIE8;ENUS; AskTB5.2)" -"http://www.gaiaonline.com/games/housing/?mode=editor&cachebust=9"
mRun: [HPDJ Taskbar Utility] "c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [XeroxScannerDaemon] "c:\program files\xerox\nwwia\XrxFTPLt.exe"
mRun: [gkljsoyt] "c:\documents and settings\michael\local settings\application data\pbquhds\onoihdp.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\michael\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147489973499
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-8 218592]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-6-8 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-8 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-8 1142224]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-2-3 1201640]
S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem;c:\windows\system32\drivers\BEFCMU10V4XP.sys [2006-10-5 14336]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-10-3 28672]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-1-23 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-1-23 28800]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2009-11-8 27904]

=============== Created Last 30 ================

2010-06-08 17:27:07 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-06-08 17:27:07 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-08 17:26:58 0 d-----w- c:\docume~1\michael\applic~1\PC Tools
2010-06-08 17:26:58 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-06-08 09:30:18 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-06-08 09:30:18 767952 ----a-w- c:\windows\BDTSupport.dll
2010-06-08 09:30:17 882 ----a-w- c:\windows\RegSDImport.xml
2010-06-08 09:30:17 879 ----a-w- c:\windows\RegISSImport.xml
2010-06-08 09:30:17 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-06-08 09:30:17 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-06-08 09:30:17 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-06-08 09:30:17 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-06-08 09:30:17 131 ----a-w- c:\windows\IDB.zip
2010-06-08 09:30:17 1152444 ----a-w- c:\windows\UDB.zip
2010-06-08 09:28:34 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-06-08 09:28:34 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-08 09:28:11 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-08 09:28:11 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-06-08 09:28:11 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-06-08 09:28:11 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-08 09:27:26 0 d-----w- c:\program files\common files\PC Tools
2010-06-08 09:27:22 0 d-----w- c:\program files\Spyware Doctor
2010-06-08 07:10:52 0 d-----w- c:\docume~1\michael\applic~1\Malwarebytes
2010-06-08 07:10:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-08 07:10:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-08 07:10:39 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-08 07:10:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-10 22:32:23 0 d-----w- c:\docume~1\michael\applic~1\Trillian

==================== Find3M ====================

2008-09-20 22:05:11 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092020080921\index.dat
2009-04-30 23:39:08 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-04-30 23:39:08 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-04-30 23:39:08 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 10:48:22.21 ===============

#2 itswhitebear

  • Topic Starter
  • Members
  • 2 posts

Posted 10 June 2010 - 06:11 PM

Mods, feel free to close this topic, as I have fixed the problem.



