Thread: Case of a very bad virus (Win32 worm)

  1. #1 Junior Member (Join Date: Jan 2012; Posts: 2)

    Case of a very bad virus (Win32 worm)

    Hello all, Alison here. I am hoping one of the board monitors could help me through a bad virus infecting my home computer. We have spent quite a bit of time trying to resolve it, but no luck. No matter what we try, the PC is unusable as the virus keeps coming back.

    My symptom is a PC which is unusable in Normal mode, as the icons take 15 minutes to load and then take 5-6 minutes to open once you double-click. I can really only use the PC in Safe mode, so keep that in mind if anyone is able to guide me through a removal process.

    Logs are below.

    Thank you so much!

    Alison

    DDS Log:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 8.0.6001.18702
    Run by HP_Owner at 18:45:51 on 2012-01-02
    .
    ============== Running Processes ===============
    .
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\HP_Owner.YOUR-D0F670B45A\Desktop\VIRUS\dds.scr
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://my.yahoo.com/
    uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [nwiz] nwiz.exe /install
    uPolicies-explorer: NoInstrumentation = 1
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: sbcglobal.net
    Trusted Zone: yahoo.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    TCP: DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{80443072-5384-4D29-A197-604ECE8884D8} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    TCP: Interfaces\{E9E973A8-56AB-48A7-B96B-9370E0D7BADA} : DhcpNameServer = 10.0.0.1
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = scecli
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? gupdate;Google Update Service (gupdate)
    R? gupdatem;Google Update Service (gupdatem)
    R? MpFilter;Microsoft Malware Protection Driver
    R? MpKsl66d076ed;MpKsl66d076ed
    R? MpKsl7f8815e1;MpKsl7f8815e1
    R? MpKslb11d6f08;MpKslb11d6f08
    R? PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service
    R? SASDIFSV;SASDIFSV
    R? SASKUTIL;SASKUTIL
    S? !SASCORE;SAS Core Service
    .
    =============== Created Last 30 ================
    .
    2012-01-02 22:38:08 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1bfc7f81-6935-4e2e-9b06-dd52a8e1b441}\MpKsl66d076ed.sys
    2012-01-02 22:38:03 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1bfc7f81-6935-4e2e-9b06-dd52a8e1b441}\offreg.dll
    2012-01-02 21:59:43 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1bfc7f81-6935-4e2e-9b06-dd52a8e1b441}\MpKslb11d6f08.sys
    2012-01-02 19:33:19 -------- d-----w- c:\program files\ESET
    2012-01-02 13:29:23 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1bfc7f81-6935-4e2e-9b06-dd52a8e1b441}\mpengine.dll
    2012-01-01 23:30:52 20992 ------w- c:\windows\system32\spupdwxp.exe
    2012-01-01 23:29:50 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
    2012-01-01 23:29:32 30208 ------w- c:\windows\system32\napipsec.dll
    2012-01-01 23:29:32 193024 ------w- c:\windows\system32\napmontr.dll
    2012-01-01 23:29:32 176640 ------w- c:\windows\system32\napstat.exe
    2012-01-01 23:29:32 12672 ------w- c:\windows\system32\drivers\mutohpen.sys
    2012-01-01 23:29:31 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
    2012-01-01 23:29:31 1737856 ------w- c:\windows\system32\mtxparhd.dll
    2012-01-01 23:29:30 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
    2012-01-01 23:29:29 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-01-01 23:29:29 1372672 ------w- c:\windows\system32\dllcache\msxml6.dll
    2012-01-01 23:29:29 126686 ------w- c:\windows\system32\drivers\mtlmnt5.sys
    2012-01-01 23:29:19 76800 ------w- c:\windows\system32\msshavmsg.dll
    2012-01-01 23:29:19 155136 ------w- c:\windows\system32\mssha.dll
    2012-01-01 23:27:59 44928 ------w- c:\windows\system32\drivers\agpcpq.sys
    2012-01-01 23:27:59 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
    2012-01-01 23:27:59 42368 ------w- c:\windows\system32\drivers\agp440.sys
    2012-01-01 23:27:59 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll
    2012-01-01 23:27:59 3775 ------w- c:\windows\system32\drivers\adv11nt5.dll
    2012-01-01 23:27:59 3711 ------w- c:\windows\system32\drivers\adv09nt5.dll
    2012-01-01 23:27:59 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll
    2012-01-01 23:27:59 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll
    2012-01-01 23:27:59 3135 ------w- c:\windows\system32\drivers\adv08nt5.dll
    2012-01-01 23:27:58 136192 ------w- c:\windows\system32\aaclient.dll
    2012-01-01 15:55:26 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\application data\TestApp
    2012-01-01 02:53:14 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2012-01-01 02:53:07 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2012-01-01 02:53:00 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2012-01-01 02:52:51 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
    2012-01-01 02:52:46 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
    2012-01-01 02:52:44 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2012-01-01 02:52:39 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2012-01-01 02:52:15 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
    2012-01-01 02:52:11 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
    2012-01-01 02:50:57 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
    2012-01-01 02:50:53 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
    2012-01-01 02:50:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
    2012-01-01 02:50:41 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
    2012-01-01 02:50:37 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
    2012-01-01 02:50:33 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
    2012-01-01 02:50:29 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
    2012-01-01 02:50:25 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
    2012-01-01 02:50:22 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
    2012-01-01 02:50:18 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
    2012-01-01 02:50:14 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
    2012-01-01 02:50:07 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
    2012-01-01 02:50:03 76288 ----a-w- c:\windows\system32\dllcache\uniime.dll
    2012-01-01 02:48:57 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
    2012-01-01 02:47:58 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
    2012-01-01 02:46:59 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
    2012-01-01 02:45:55 7040 ----a-w- c:\windows\system32\dllcache\snyaitmc.sys
    2012-01-01 02:44:57 63547 ----a-w- c:\windows\system32\dllcache\sla30nd5.sys
    2012-01-01 02:43:56 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
    2012-01-01 02:42:58 61504 ----a-w- c:\windows\system32\dllcache\s3sav3dm.sys
    2012-01-01 02:41:58 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
    2012-01-01 02:41:52 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
    2012-01-01 02:41:47 13776 ----a-w- c:\windows\system32\dllcache\recagent.sys
    2012-01-01 02:41:37 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
    2012-01-01 02:41:31 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
    2012-01-01 02:41:28 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys
    2012-01-01 02:41:25 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll
    2012-01-01 02:41:22 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
    2012-01-01 02:41:16 49024 ----a-w- c:\windows\system32\dllcache\ql1280.sys
    2012-01-01 02:41:13 40448 ----a-w- c:\windows\system32\dllcache\ql1240.sys
    2012-01-01 02:41:10 45312 ----a-w- c:\windows\system32\dllcache\ql12160.sys
    2012-01-01 02:41:08 33152 ----a-w- c:\windows\system32\dllcache\ql10wnt.sys
    2012-01-01 02:41:05 40320 ----a-w- c:\windows\system32\dllcache\ql1080.sys
    2012-01-01 02:39:54 5504 ----a-w- c:\windows\system32\dllcache\perc2hib.sys
    2012-01-01 02:38:58 48000 ----a-w- c:\windows\system32\dllcache\ovcam2.sys
    2012-01-01 02:38:55 25088 ----a-w- c:\windows\system32\dllcache\ovca.sys
    2012-01-01 02:38:52 54186 ----a-w- c:\windows\system32\dllcache\otcsercb.sys
    2012-01-01 02:38:49 43689 ----a-w- c:\windows\system32\dllcache\otceth5.sys
    2012-01-01 02:38:46 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys
    2012-01-01 02:38:42 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys
    2012-01-01 02:38:30 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
    2012-01-01 02:38:27 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
    2012-01-01 02:38:24 180360 ----a-w- c:\windows\system32\dllcache\ntmtlfax.sys
    2012-01-01 02:38:16 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
    2012-01-01 02:38:13 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
    2012-01-01 02:38:10 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
    2012-01-01 02:38:02 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
    2012-01-01 02:36:58 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
    2012-01-01 02:36:55 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys
    2012-01-01 02:36:53 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
    2012-01-01 02:36:50 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys
    2012-01-01 02:36:46 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
    2012-01-01 02:36:45 452736 ----a-w- c:\windows\system32\dllcache\mtxparhm.sys
    2012-01-01 02:36:42 1309184 ----a-w- c:\windows\system32\dllcache\mtlstrm.sys
    2012-01-01 02:36:42 126686 ----a-w- c:\windows\system32\dllcache\mtlmnt5.sys
    2012-01-01 02:36:24 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
    2012-01-01 02:36:14 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
    2012-01-01 02:36:11 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
    2012-01-01 02:36:00 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
    2012-01-01 02:35:57 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
    2012-01-01 02:35:44 17280 ----a-w- c:\windows\system32\dllcache\mraid35x.sys
    2012-01-01 02:35:36 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
    2012-01-01 02:35:28 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
    2012-01-01 02:35:21 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
    2012-01-01 02:35:19 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll
    2012-01-01 02:35:14 47616 ----a-w- c:\windows\system32\dllcache\memgrp.dll
    2012-01-01 02:35:11 8320 ----a-w- c:\windows\system32\dllcache\memcard.sys
    2012-01-01 02:35:07 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
    2012-01-01 02:35:02 7424 ----a-w- c:\windows\system32\dllcache\mammoth.sys
    2012-01-01 02:33:43 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
    2012-01-01 02:33:40 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
    2012-01-01 02:33:26 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
    2012-01-01 02:33:23 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
    2012-01-01 02:33:21 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
    2012-01-01 02:33:16 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
    2012-01-01 02:33:13 18688 ----a-w- c:\windows\system32\dllcache\irsir.sys
    2012-01-01 02:33:10 23552 ----a-w- c:\windows\system32\dllcache\irmk7.sys
    2012-01-01 02:33:00 45632 ----a-w- c:\windows\system32\dllcache\ip5515.sys
    2012-01-01 02:31:57 109085 ----a-w- c:\windows\system32\dllcache\ibmtrp.sys
    2012-01-01 02:30:59 150239 ----a-w- c:\windows\system32\dllcache\hsf_amos.sys
    2012-01-01 02:29:59 17408 ----a-w- c:\windows\system32\dllcache\gpr400.sys
    2012-01-01 02:28:56 7040 ----a-w- c:\windows\system32\dllcache\exabyte2.sys
    2012-01-01 02:27:59 153631 ----a-w- c:\windows\system32\dllcache\el90xnd5.sys
    2012-01-01 02:26:58 91305 ----a-w- c:\windows\system32\dllcache\dimaint.sys
    2012-01-01 02:25:59 3584 ----a-w- c:\windows\system32\dllcache\cwcosnt5.sys
    2012-01-01 02:24:59 22044 ----a-w- c:\windows\system32\dllcache\cem33n5.sys
    2012-01-01 02:23:59 39552 ----a-w- c:\windows\system32\dllcache\brparwdm.sys
    2012-01-01 02:22:59 63663 ----a-w- c:\windows\system32\dllcache\ati1rvxx.sys
    2012-01-01 02:21:21 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
    2012-01-01 01:15:14 3584 ----a-r- c:\documents and settings\hp_owner.your-d0f670b45a\application data\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
    2012-01-01 01:15:14 -------- d-----w- c:\program files\Windows Installer Clean Up
    2012-01-01 01:14:59 -------- d-----w- c:\program files\MSECACHE
    2011-12-31 23:46:33 -------- d-----w- c:\program files\common files\HP
    2011-12-28 16:53:14 -------- d-----w- c:\windows\SendTo
    2011-12-28 16:52:36 -------- d-----w- c:\windows\forms
    2011-12-28 16:52:35 -------- d-----w- c:\program files\Windows Messaging
    2011-12-28 16:51:52 -------- d-----w- c:\program files\Microsoft Office2
    2011-12-28 02:32:52 745232 ----a-w- c:\program files\common files\microsoft shared\vba\VBE_cd.DLL
    2011-12-28 02:32:52 745232 ----a-w- c:\program files\common files\microsoft shared\vba\VBE.dll
    2011-12-27 22:21:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-27 22:11:06 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\application data\Malwarebytes
    2011-12-27 22:08:52 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-27 21:36:53 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\local settings\application data\Yahoo!
    2011-12-24 02:02:25 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\application data\Registry Mechanic
    2011-12-24 01:51:49 880640 ----a-w- c:\windows\system32\UniBox10.ocx
    2011-12-24 01:51:49 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
    2011-12-24 01:51:49 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
    2011-12-24 01:51:49 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
    2011-12-24 01:51:48 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
    2011-12-24 01:51:22 -------- d-----w- c:\program files\common files\PC Tools
    2011-12-24 01:51:20 -------- d-----w- c:\program files\PC Tools
    2011-12-24 01:48:58 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
    2011-12-24 01:48:56 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\application data\Product_RM
    2011-12-24 01:30:25 38400 ----a-w- c:\windows\system32\pcdhdm.cpl
    2011-12-23 01:55:00 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\local settings\application data\Google
    2011-12-23 00:06:04 -------- d-sh--w- c:\documents and settings\hp_owner.your-d0f670b45a\IECompatCache
    2011-12-18 15:36:19 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\local settings\application data\Help
    2011-12-18 15:20:46 -------- d-----w- c:\windows\system32\scripting
    2011-12-18 15:20:44 -------- d-----w- c:\windows\system32\en
    2011-12-18 15:20:44 -------- d-----w- c:\windows\system32\bits
    2011-12-18 15:12:39 617472 ----a-w- c:\windows\system32\comctl32.dll
    2011-12-18 15:06:34 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\local settings\application data\IsolatedStorage
    2011-12-18 15:06:09 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\local settings\application data\HP
    2011-12-18 08:02:30 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2011-12-18 01:48:51 0 ----atw- c:\windows\system32\spdwnwxp.exe
    2011-12-18 01:36:26 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-12-18 01:36:26 215920 ----a-w- c:\windows\system32\muweb.dll
    2011-12-18 01:36:26 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2011-12-17 19:23:15 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
    2011-12-17 19:23:14 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys
    2011-12-17 19:22:53 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
    2011-12-17 19:22:51 74240 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp054.dll
    2011-12-17 19:22:51 48128 ----a-w- c:\windows\system32\hpzll054.dll
    2011-12-17 18:41:35 94208 ----a-w- c:\windows\system32\HPZipt12.dll
    2011-12-17 18:41:35 69632 ----a-w- c:\windows\system32\HPZipm12.exe
    2011-12-17 18:41:35 65536 ----a-w- c:\windows\system32\HPZinw12.exe
    2011-12-17 18:41:35 57344 ----a-w- c:\windows\system32\HPZisn12.dll
    2011-12-17 18:41:35 204800 ----a-w- c:\windows\system32\HPZipr12.dll
    2011-12-17 18:41:33 282680 ----a-w- c:\windows\system32\HPZidr12.dll
    2011-12-17 16:51:23 -------- d-----w- c:\program files\Convar
    2011-12-17 13:42:32 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-12-17 13:23:02 -------- d-sh--w- c:\documents and settings\hp_owner.your-d0f670b45a\PrivacIE
    2011-12-17 13:19:40 -------- d-sh--w- c:\documents and settings\hp_owner.your-d0f670b45a\IETldCache
    2011-12-17 12:54:58 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2011-12-17 12:54:58 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2011-12-17 12:54:58 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-12-17 12:54:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2011-12-17 12:54:58 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2011-12-17 12:54:58 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2011-12-17 12:54:58 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
    2011-12-17 04:46:31 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
    2011-12-17 04:28:09 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-12-17 04:27:55 353792 ------w- c:\windows\system32\dllcache\srv.sys
    2011-12-17 04:27:26 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
    2011-12-17 04:27:26 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
    2011-12-17 04:27:16 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2011-12-17 04:26:44 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2011-12-17 04:20:09 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
    2011-12-17 04:20:09 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
    2011-12-17 04:20:09 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
    2011-12-17 04:20:09 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
    2011-12-17 04:20:09 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-12-17 04:20:09 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
    2011-12-17 04:20:09 284160 ------w- c:\windows\system32\dllcache\pdh.dll
    2011-12-17 04:20:09 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-12-17 04:20:09 110592 ------w- c:\windows\system32\dllcache\services.exe
    2011-12-17 04:20:08 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2011-12-17 04:20:08 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2011-12-17 04:20:07 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2011-12-17 04:19:18 138496 ------w- c:\windows\system32\dllcache\afd.sys
    2011-12-17 04:09:31 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
    2011-12-17 04:07:03 2560 ------w- c:\windows\system32\xpsp4res.dll
    2011-12-17 04:07:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
    2011-12-17 04:01:14 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2011-12-17 04:01:14 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
    2011-12-17 04:01:12 21504 ----a-w- c:\windows\system32\hidserv.dll
    2011-12-17 03:35:45 -------- d-----w- c:\windows\system32\PreInstall
    2011-12-17 02:54:36 -------- d-sh--r- C:\cmdcons
    2011-12-17 02:49:40 6345 ----a-r- c:\windows\system32\DevMngr.vxd
    2011-12-17 02:41:29 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\local settings\application data\Adobe
    2011-12-17 02:36:36 -------- d-sh--r- c:\windows\system32\dllcache
    2011-12-17 02:26:05 -------- d-sh--w- c:\documents and settings\hp_owner.your-d0f670b45a\UserData
    2011-12-17 01:09:22 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\application data\SUPERAntiSpyware.com
    2011-12-17 01:04:30 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2011-12-11 03:50:59 -------- dc-h--w- c:\windows\ie8
    2011-12-04 17:20:01 -------- d-----w- c:\program files\Conduit
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 18:49:01.18 ===============

    Attach.txt Log:

    .
    ==== Installed Programs ======================
    .
    Adobe Acrobat 6.0 Standard
    Adobe Flash Player 11 ActiveX
    AiO_Scan_CDA
    AiOSoftwareNPI
    BroadJump Client Foundation
    BufferChm
    Customer Experience Enhancement
    Data Fax SoftModem with SmartCP
    Destinations
    DeviceManagementQFolder
    Easy Internet Sign-up
    ESET Online Scanner v3
    F300
    F300_Help
    Fax_CDA
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB981793)
    HP DVD Play 2.1
    HP Imaging Device Functions 7.0
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Software Update
    HP Solution Center 7.0
    HP Support Overview
    HP Web Helper
    HPPhotoSmartExpress
    HPProductAssistant
    HpSdpAppCoreApp
    InstantShareAlert
    InstantShareDevicesMFC
    J2SE Runtime Environment 5.0 Update 6
    Malwarebytes Anti-Malware version 1.60.0.1800
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Money 2006
    Microsoft Office 97, Professional Edition
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Works
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My HP Games
    NewCopy_CDA
    NVIDIA Drivers
    PC-Doctor 5 for Windows
    PC Tools Registry Mechanic 11.0
    ProductContextNPI
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    Quicken 2006
    Readme
    RealPlayer
    Realtek High Definition Audio Driver
    Remove WeatherBug Installer
    Rhapsody
    Scan
    ScannerCopy
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB982381)
    SolutionCenter
    Sonic Express Labeler
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Spybot - Search & Destroy
    Status
    Toolbox
    TrayApp
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Updates from HP (remove only)
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Toolbar
    Yahoo! Toolbar for Internet Explorer
    .
    ==== End Of File ===========================

  2. #2 Emeritus (Join Date: Nov 2005; Location: @localhost; Posts: 6,066)

    Hi Ali999,

    Your post is a few days old. If you still need help simply reply back.
    How Can I Reduce My Risk?

  3. #3 Junior Member (Join Date: Jan 2012; Posts: 2)

    Yes, still need help...

    Yes, most definitely still having a problem. I hope this post has not been closed out. I appreciate any help you can provide.

    Ali
    Last edited by tashi; 2012-02-01 at 20:38. Reason: Date of archive

  4. #4 Emeritus (Join Date: Nov 2005; Location: @localhost; Posts: 6,066)

    What's telling you that you have a virus? You said it keeps coming back after it's removed. Could be another issue for the lagging, but we can check further:

    We will get a download to use. It's called ComboFix. There is a guide to read first; read through the guide, then apply the directions on your own machine. It can be run in Safe mode if getting to the desktop takes so long.


    Guide to using Combofix
    How Can I Reduce My Risk?
