Security virus 2010

    Our work computer got infected with several trojans. Antivir Solution Pro is the bad one. I can only use the internet with safe mode with networking. I ran GMER but could not see the save part. I finally was able to email the log files to my PC using safe mode. I hope this will help us start, because I am limited in what I can do with this PC. Here is the MBAM log and the other ones mentioned here.

    DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
    Run by Administrator at 17:57:10.54 on Sun 08/08/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.379 [GMT -5:00]

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
    BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: moigh Object: {097e8e69-2fe7-406b-a0e3-5387b3529632} - c:\windows\system32\mbvkp.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: adShotHlpr Object: {92856b74-6b6c-498b-8959-35068d2c0264} - c:\windows\system32\qbvkp.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [sta] rundll32 "qbvkp.dll",,Run
    mRun: [MChk] c:\windows\system32\dbvkp.exe
    mRun: [jnegcejl] c:\documents and settings\networkservice\local settings\application data\axdirjaah\rdcbqmetssd.exe
    dRun: [Sbomocare] rundll32.exe "c:\windows\kbarean.dll",Startup
    dRun: [jnegcejl] c:\documents and settings\networkservice\local settings\application data\axdirjaah\rdcbqmetssd.exe
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236608517086
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1240233853262&h=52c4be629b1d82d41a89de296fc242dd/&filename=jinstall-6u13-windows-i586-jc.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://crucial.com/controls/cpcScanner.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Authentication Packages = msv1_0 relog_ap
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath -
    FF - HiddenExtension: XULRunner: {B7EED5E6-18B2-461A-AB3A-1D62E907DDA5} - c:\documents and settings\pro shop\local settings\application data\{B7EED5E6-18B2-461A-AB3A-1D62E907DDA5}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2002-8-14 5632]
    R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2010-8-8 20480]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-4 8944]
    S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-13 133104]
    S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2007-12-19 2944]
    S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2007-12-19 3168]
    S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2007-12-19 39552]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
    S3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [2007-12-9 222336]

    =============== Created Last 30 ================

    2010-08-08 22:55:21 2848 ----a-w- c:\windows\ocatazetif.dll
    2010-08-08 21:57:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
    2010-08-08 19:16:09 0 d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
    2010-08-08 18:19:42 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
    2010-08-08 17:46:23 120 ----a-w- c:\windows\Vkavilekoconisi.dat
    2010-08-08 17:46:23 0 ----a-w- c:\windows\Omola.bin
    2010-08-08 17:45:17 5 ----a-w- C:\zrpt.xml
    2010-08-08 17:45:05 75776 --sha-r- c:\windows\system32\browsewm9.dll
    2010-08-08 17:44:36 782848 ----a-w- c:\windows\system32\drivers\otmbckt.sys
    2010-08-08 17:44:17 20480 ----a-w- c:\windows\system32\drivers\ndisrd.sys
    2010-07-22 17:37:23 0 d--h--w- c:\windows\system32\GroupPolicy
    2010-07-16 04:18:18 246784 ----a-w- c:\windows\system32\mbvkp.dll
    2010-07-16 04:18:04 294912 ----a-w- c:\windows\system32\qbvkp.dll
    2010-07-14 14:06:14 35262 ----a-w- c:\windows\PRO SHOP000.acl
    2010-07-14 14:05:01 0 d-----w- c:\windows\ShellNew
    2010-07-14 08:01:07 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-14 00:43:22 40581 ----a-w- c:\windows\system32\dbvkp.exe

    ==================== Find3M ====================

    2010-08-08 19:28:35 2404 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-14 13:32:36 286720 ------w- c:\windows\Setup1.exe
    2010-07-14 13:32:34 73216 ----a-w- c:\windows\ST6UNST.EXE

    ============= FINISH: 17:58:55.74 ===============
    Last edited by tdark; August 8th, 2010 at 08:55 PM.
