BullGuard
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Remove antivirus pro and/or other infections please? ty
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > Remove antivirus pro and/or other infections please? ty  
Forum Quick Jump
 
New Topic Post reply to : Remove antivirus pro and/or other infections please? ty Printable version of : Remove antivirus pro and/or other infections please? ty
[ << Previous Thread | Next Thread >> ]

drakan3187
New Member


Date Joined Nov 2009
Total Posts : 4
 
   Posted 11/26/2009 5:22 PM (GMT +3)    Quote: Remove antivirus pro and/or other infections please? tyAlert an admin about: Remove antivirus pro and/or other infections please? ty
My mother has been complaining of a lot of pop ups on her desktop (usually in porn fashion) and also the Antivirus System Pro 2009 pop up as well. I don't know how to decipher the logs but will post the ones i believe you will need. Any help is greatly appreciated. The pop ups do overwhelm her computer at times leaving no other option than to manually turn it off from what I understand from her.
Thank you All!!!!
 
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:33 PM, on 11/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 esysprotector2009.microsoft.com
O1 - Hosts: 91.212.127.227 esysprotector2009.com
O1 - Hosts: 91.212.127.227 www.esysprotector2009.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-19\..\RunOnce: []  (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: []  (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: []  (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: []  (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Family%20Feud%202/Images/stg_drm.ocx
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v5.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O16 - DPF: {E93E9DF0-3E59-4331-A269-F1E077C66F00} (GameTap Web Plugin) - http://cnn-5.vo.llnwd.net/c1/static/client/browserplayer/gtplugin.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9e0bdb40deb2) (gupdate1c9e0bdb40deb2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11060 bytes
MBAM:
Malwarebytes' Anti-Malware 1.41
Database version: 3206
Windows 5.1.2600 Service Pack 3
11/21/2009 12:43:15 PM
mbam-log-2009-11-21 (12-43-15).txt
Scan type: Full Scan (C:\|)
Objects scanned: 200348
Time elapsed: 1 hour(s), 11 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 36
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\ddsme.kl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ddsme.kl.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{624f9012-d73b-11dd-95af-61c156d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2502bbd0-d73b-11dd-b4ec-cebf56d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{52cde0e4-d73b-11dd-9b90-fcc056d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2502bbd0-d73b-11dd-b4ec-cebf56d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ada8c222-95d2-47b5-950b-aebc0a508839} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2502bbd0-d73b-11dd-b4ec-cebf56d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bkjrkupd (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bkjrkupd (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Marnie\Local Settings\Application Data\aamqsp\pstcsysguard.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\Uninstall Fun Web Products.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{74C9AA7F-3B54-4C56-86BB-A0CC4EA7C559}\RP792\A0113263.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{74C9AA7F-3B54-4C56-86BB-A0CC4EA7C559}\RP798\A0113331.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0535251103110107106.yux (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146120114.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464950.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465149.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465449.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465653.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ectbbyn.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\prxid93ps.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ex23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
DDS:

DDS (Ver_09-10-26.01) - NTFSx86 
Run by Marnie at 13:00:16.60 on Sat 11/21/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.511.135 [GMT -5:00]
AV: Norton 360 *On-access scanning enabled* (Updated)   {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled*   {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Documents and Settings\Marnie\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.pogo.com/home/home.do
uSearch Page =
uSearch Bar =
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
mPolicies-explorer: <NO NAME> =
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Family%20Feud%202/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v5.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {E93E9DF0-3E59-4331-A269-F1E077C66F00} - hxxp://cnn-5.vo.llnwd.net/c1/static/client/browserplayer/gtplugin.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-9 207280]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-11-9 112592]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2004-6-9 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-29 102448]
S0 e244b8de60491926380db35e44121e6e;e244b8de60491926380db35e44121e6e;c:\windows\system32\e244b8de60491926380db35e44121e6e.sys --> c:\windows\system32\e244b8de60491926380db35e44121e6e.sys [?]
S2 gupdate1c9e0bdb40deb2;Google Update Service (gupdate1c9e0bdb40deb2);c:\program files\google\update\GoogleUpdate.exe [2009-5-29 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
=============== Created Last 30 ================
2009-11-21 16:29:00 0 d-----w- c:\docume~1\marnie\applic~1\Malwarebytes
2009-11-21 16:28:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-21 16:28:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 16:28:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-21 16:28:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-21 16:23:56 0 d-----w- c:\program files\Trend Micro
2009-11-21 16:12:57 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-11-21 16:12:57 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-21 16:12:49 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-11-21 16:12:49 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-09 23:44:03 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-09 23:44:02 883 ----a-w- c:\windows\RegSDImport.xml
2009-11-09 23:44:02 880 ----a-w- c:\windows\RegISSImport.xml
2009-11-09 23:44:02 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-09 23:44:02 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-09 23:44:02 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-09 23:44:02 131 ----a-w- c:\windows\IDB.zip
2009-11-09 23:44:02 1152470 ----a-w- c:\windows\UDB.zip
2009-11-09 23:38:23 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-11-09 23:38:22 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-09 23:37:32 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-09 23:37:32 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-11-09 23:37:32 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-09 23:37:32 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-09 23:37:10 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-11-09 23:37:10 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-09 23:36:54 0 d-----w- c:\program files\Spyware Doctor
2009-11-09 23:36:54 0 d-----w- c:\program files\common files\PC Tools
2009-11-09 23:36:54 0 d-----w- c:\docume~1\marnie\applic~1\PC Tools
2009-11-09 23:36:54 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-01 15:18:26 0 d-----w- c:\program files\ahdosw
==================== Find3M  ====================
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2008-08-05 07:07:42 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat
============= FINISH: 13:01:19.28 ===============
ATTACH (other DDS):

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-10-26.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/25/2008 1:13:28 PM
System Uptime: 11/21/2009 12:45:16 PM (1 hours ago)
Motherboard: Dell Computer Corp. |  | 0F4491
Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 76.481 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP720: 8/17/2009 9:31:24 AM - System Checkpoint
RP721: 8/18/2009 10:32:31 AM - System Checkpoint
RP722: 8/19/2009 10:33:10 AM - System Checkpoint
RP723: 8/20/2009 11:17:42 AM - System Checkpoint
RP724: 8/21/2009 11:56:09 AM - System Checkpoint
RP725: 8/22/2009 12:04:11 PM - System Checkpoint
RP726: 8/23/2009 1:19:48 PM - System Checkpoint
RP727: 8/24/2009 2:05:26 PM - System Checkpoint
RP728: 8/25/2009 4:36:44 PM - System Checkpoint
RP729: 8/26/2009 5:31:03 PM - System Checkpoint
RP730: 8/26/2009 8:11:41 PM - Software Distribution Service 3.0
RP731: 8/27/2009 8:37:02 PM - System Checkpoint
RP732: 8/29/2009 2:18:08 AM - System Checkpoint
RP733: 8/30/2009 8:14:05 AM - Software Distribution Service 3.0
RP734: 8/30/2009 8:28:32 AM - Software Distribution Service 3.0
RP735: 8/30/2009 8:43:32 AM - Removed Microsoft Silverlight
RP736: 8/31/2009 4:58:48 PM - System Checkpoint
RP737: 9/1/2009 5:44:15 PM - System Checkpoint
RP738: 9/2/2009 6:15:59 PM - System Checkpoint
RP739: 9/3/2009 7:35:06 PM - System Checkpoint
RP740: 9/5/2009 7:54:06 AM - System Checkpoint
RP741: 9/6/2009 10:18:35 AM - System Checkpoint
RP742: 9/7/2009 2:00:22 PM - System Checkpoint
RP743: 9/8/2009 5:06:40 PM - System Checkpoint
RP744: 9/9/2009 6:21:15 PM - System Checkpoint
RP745: 9/10/2009 7:09:01 PM - Software Distribution Service 3.0
RP746: 9/11/2009 3:14:29 PM - Installed Compatibility Pack for the 2007 Office system
RP747: 9/12/2009 4:11:27 PM - System Checkpoint
RP748: 9/13/2009 4:35:18 PM - System Checkpoint
RP749: 9/14/2009 6:29:49 PM - System Checkpoint
RP750: 9/15/2009 7:53:22 PM - System Checkpoint
RP751: 9/16/2009 9:30:15 PM - System Checkpoint
RP752: 9/18/2009 4:33:58 PM - System Checkpoint
RP753: 9/19/2009 4:42:46 PM - System Checkpoint
RP754: 9/20/2009 5:16:30 PM - System Checkpoint
RP755: 9/21/2009 6:54:27 PM - System Checkpoint
RP756: 9/23/2009 4:39:30 PM - System Checkpoint
RP757: 9/24/2009 4:42:32 PM - System Checkpoint
RP758: 9/25/2009 5:45:31 PM - System Checkpoint
RP759: 9/26/2009 6:26:31 PM - System Checkpoint
RP760: 9/27/2009 6:53:11 PM - System Checkpoint
RP761: 9/28/2009 7:10:15 PM - System Checkpoint
RP762: 9/29/2009 7:11:20 PM - System Checkpoint
RP763: 9/30/2009 9:28:21 PM - System Checkpoint
RP764: 10/1/2009 10:55:07 PM - System Checkpoint
RP765: 10/3/2009 12:59:16 PM - System Checkpoint
RP766: 10/4/2009 1:24:29 PM - System Checkpoint
RP767: 10/5/2009 2:07:19 PM - System Checkpoint
RP768: 10/5/2009 7:13:58 PM - Configured SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
RP769: 10/5/2009 7:17:44 PM - Configured SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
RP770: 10/5/2009 7:22:14 PM - Configured SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
RP771: 10/5/2009 7:23:18 PM - Installed SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
RP772: 10/6/2009 7:49:27 PM - System Checkpoint
RP773: 10/8/2009 7:47:26 AM - System Checkpoint
RP774: 10/9/2009 5:06:10 PM - System Checkpoint
RP775: 10/10/2009 5:10:26 PM - System Checkpoint
RP776: 10/11/2009 7:29:09 PM - System Checkpoint
RP777: 10/13/2009 5:45:40 PM - System Checkpoint
RP778: 10/14/2009 6:16:54 PM - System Checkpoint
RP779: 10/15/2009 6:45:27 PM - System Checkpoint
RP780: 10/16/2009 6:56:43 PM - System Checkpoint
RP781: 10/17/2009 7:08:15 PM - System Checkpoint
RP782: 10/18/2009 8:00:06 PM - System Checkpoint
RP783: 10/19/2009 9:14:03 PM - System Checkpoint
RP784: 10/21/2009 4:42:21 PM - System Checkpoint
RP785: 10/22/2009 6:17:18 PM - System Checkpoint
RP786: 10/23/2009 7:05:09 PM - System Checkpoint
RP787: 10/24/2009 7:13:07 PM - System Checkpoint
RP788: 10/25/2009 7:43:09 PM - System Checkpoint
RP789: 10/27/2009 6:24:23 PM - System Checkpoint
RP790: 10/28/2009 6:27:24 PM - System Checkpoint
RP791: 10/29/2009 7:19:02 PM - System Checkpoint
RP792: 10/31/2009 11:07:52 AM - System Checkpoint
RP793: 11/1/2009 1:11:03 PM - System Checkpoint
RP794: 11/2/2009 8:07:45 PM - System Checkpoint
RP795: 11/3/2009 8:21:09 PM - System Checkpoint
RP796: 11/4/2009 9:11:09 PM - System Checkpoint
RP797: 11/5/2009 9:20:34 PM - System Checkpoint
RP798: 11/7/2009 12:00:44 PM - System Checkpoint
RP799: 11/8/2009 11:14:47 AM - System Checkpoint
RP800: 11/9/2009 11:45:22 AM - System Checkpoint
RP801: 11/10/2009 4:50:56 PM - System Checkpoint
RP802: 11/11/2009 4:54:12 PM - Software Distribution Service 3.0
RP803: 11/12/2009 5:32:57 PM - System Checkpoint
RP804: 11/12/2009 7:06:07 PM - Software Distribution Service 3.0
RP805: 11/13/2009 7:47:17 PM - System Checkpoint
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
Adobe Shockwave Player 11.5
AIM 6
AppCore
Apple Mobile Device Support
Apple Software Update
Ares 2.0.9
Backup
Bonjour
Browser Defender 2.0.6.10
BufferChm
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
ccCommon
Compatibility Pack for the 2007 Office system
Conexant SmartHSFi V.9x 56K DF PCI Modem
CreativeProjects
CreativeProjectsTemplates
CueTour
Dell AIO Printer A920
Dell Digital Jukebox Driver
Dell Media Experience
Dell ResourceCD
Destinations
Director
DivX Web Player
GearDrvs
Google Earth
Google Update Helper
Google Updater
GoToAssist 8.0.0.514
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Diagnostic Assistant
HP Image Zone 4.0
HP Software Update
HPSystemDiagnostics
Imikimi Plugin
IncrediMail
InstantShare
Intel(R) PRO Network Adapters and Drivers
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java(TM) 6 Update 5
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing 15
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MySpaceIM
Netflix Movie Viewer
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
NVIDIA Windows 2000/XP Display Drivers
OLYMPUS CAMEDIA Master 4.0
Overland
Palm
PhotoGallery
Photosmart 320,370,7400,8100,8400 Series
PowerDVD
PrintScreen
PS320
PSPrinters06
QFolder
QuickProjects
QuickTime
RealPlayer
RegCure 1.5.0.0
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SkinsHP1
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Live!
SoundMAX
SPBBC 32bit
Sprint music manager
Spyware Doctor 7.0
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
teddypropsal
Themexp.org File
TrayApp
Ulead Photo Explorer 8.0 SE Basic
Ulead Photo Express 5 SE
Unity Web Player
Unload
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
V5385 Digital Camera Driver
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Service Pack 3
WinZip 11.1
Yontoo Layers Client 1.10.01
==== Event Viewer Messages From Past Week ========
11/14/2009 7:21:46 PM, error: Service Control Manager [7034]  - The Browser Defender Update Service service terminated unexpectedly.  It has done this 1 time(s).
11/14/2009 7:17:35 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
==== End Of File ===========================
 

File Attachment :
hijackthis.log   11KB (application/octet-stream)
This file has been downloaded 292 time(s).
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 11/26/2009 5:46 PM (GMT +3)    Quote: Remove antivirus pro and/or other infections please? tyAlert an admin about: Remove antivirus pro and/or other infections please? ty
Hello, and welcome to BG smile
 
 
Please download Combofix from:
 
 And save to the desktop.

Close all other browser windows.
 
Double-click on the combofix icon found on your desktop.
 
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

 When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply
 
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.


Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.

Back to Top
 

drakan3187
New Member


Date Joined Nov 2009
Total Posts : 4
 
   Posted 11/26/2009 7:43 PM (GMT +3)    Quote: Remove antivirus pro and/or other infections please? tyAlert an admin about: Remove antivirus pro and/or other infections please? ty
Thank you
 
Combofix log:
 
 ComboFix 09-11-25.05 - Marnie 11/26/2009 11:16.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.511.304 [GMT -5:00]
Running from: c:\documents and settings\Marnie\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Marnie\My Documents\ZbThumbnail.info
C:\log.udt
c:\windows\system32\Data
.
(((((((((((((((((((((((((   Files Created from 2009-10-26 to 2009-11-26  )))))))))))))))))))))))))))))))
.
2009-11-21 18:03 . 2009-11-21 18:03 34816 ----a-w- c:\windows\system32\drivers\rootrepeal.sys
2009-11-21 17:50 . 2009-11-21 17:51 -------- d-----w- C:\rsit
2009-11-21 16:29 . 2009-11-21 16:29 -------- d-----w- c:\documents and settings\Marnie\Application Data\Malwarebytes
2009-11-21 16:28 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-21 16:28 . 2009-11-21 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-21 16:28 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 16:28 . 2009-11-21 16:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-21 16:23 . 2009-11-21 16:23 -------- d-----w- c:\program files\Trend Micro
2009-11-21 16:12 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-11-21 16:12 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-21 16:12 . 2008-04-13 19:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-11-21 16:12 . 2008-04-13 19:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-14 21:46 . 2009-11-21 17:42 -------- d-----w- c:\documents and settings\Marnie\Local Settings\Application Data\aamqsp
2009-11-09 23:57 . 2009-11-09 23:57 -------- d-----w- c:\documents and settings\Marnie\Local Settings\Application Data\Threat Expert
2009-11-09 23:44 . 2009-10-08 16:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-09 23:44 . 2009-10-08 16:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-09 23:44 . 2009-10-08 16:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-09 23:44 . 2009-10-08 16:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-09 23:44 . 2009-10-02 19:19 1152470 ----a-w- c:\windows\UDB.zip
2009-11-09 23:44 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2009-11-09 23:38 . 2009-09-24 13:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-09 23:37 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-09 23:37 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-09 23:37 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-09 23:36 . 2009-11-10 00:14 -------- d-----w- c:\program files\Spyware Doctor
2009-11-09 23:36 . 2009-11-09 23:45 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-09 23:36 . 2009-11-09 23:36 -------- d-----w- c:\documents and settings\Marnie\Application Data\PC Tools
2009-11-09 23:36 . 2009-11-09 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-08 14:01 . 2009-11-08 14:22 -------- d-----w- c:\documents and settings\Marnie\Local Settings\Application Data\iqvost
2009-11-01 15:18 . 2009-11-01 15:54 -------- d-----w- c:\program files\ahdosw
2009-11-01 11:00 . 2009-11-01 11:00 -------- d-----w- c:\documents and settings\Marnie\Local Settings\Application Data\Temp
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-26 16:08 . 2008-03-28 10:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-26 16:03 . 2008-11-25 02:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-25 04:37 . 2008-03-28 10:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-20 18:06 . 2009-10-20 18:06 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-17 00:00 . 2009-10-17 00:00 -------- d-----w- c:\documents and settings\Marnie\Application Data\vlc
2009-10-16 00:38 . 2009-10-16 00:36 -------- d-----w- c:\program files\Graboid
2009-10-16 00:37 . 2009-10-16 00:37 -------- d-----w- c:\program files\VideoLAN
2009-10-05 23:23 . 2009-10-05 23:23 -------- d-----w- c:\program files\Samsung
2009-10-05 23:22 . 2008-03-25 17:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-03 00:11 . 2009-10-03 00:11 -------- d-----w- c:\program files\Yontoo Layers Client
2009-10-03 00:11 . 2009-10-03 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2009-09-30 18:58 . 2008-02-18 19:38 9576 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL
2009-09-29 01:30 . 2009-10-03 00:11 108032 --s-a-r- c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
2009-09-29 01:30 . 2009-10-03 00:11 161792 --s-a-r- c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
2009-09-11 19:16 . 2008-03-28 10:17 37888 ----a-w- c:\documents and settings\Marnie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 . 2003-07-16 20:36 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 06:41 . 2009-10-03 00:11 224256 --s---r- c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
2009-09-10 20:11 . 2009-09-10 20:11 488968 ----a-w- c:\documents and settings\Marnie\Application Data\Real\Update\temp\~Upg0\setup.exe
2009-09-04 21:03 . 2003-07-16 20:35 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-06-23 16:33 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2003-07-16 20:25 17408 ------w- c:\windows\system32\corpol.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2009-09-25 19:22 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-07 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-07-08 20:47 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Marnie^Start Menu^Programs^Startup^MEMonitor.lnk]
path=c:\documents and settings\Marnie\Start Menu\Programs\Startup\MEMonitor.lnk
backup=c:\windows\pss\MEMonitor.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13848:TCP"= 13848:TCP:BitComet 13848 TCP
"13848:UDP"= 13848:UDP:BitComet 13848 UDP
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/9/2009 6:37 PM 207280]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/9/2009 6:44 PM 112592]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 2:37 PM 149352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/9/2004 12:30 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/29/2009 4:15 AM 102448]
S0 e244b8de60491926380db35e44121e6e;e244b8de60491926380db35e44121e6e;c:\windows\system32\e244b8de60491926380db35e44121e6e.sys --> c:\windows\system32\e244b8de60491926380db35e44121e6e.sys [?]
S2 gupdate1c9e0bdb40deb2;Google Update Service (gupdate1c9e0bdb40deb2);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2009 7:24 PM 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 9:32 PM 23888]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2009-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-11-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-30 00:22]
2009-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 00:24]
2009-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 00:24]
2009-11-26 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-06-07 04:53]
2009-11-26 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]
2009-11-05 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pogo.com/home/home.do
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {E93E9DF0-3E59-4331-A269-F1E077C66F00} - hxxp://cnn-5.vo.llnwd.net/c1/static/client/browserplayer/gtplugin.cab
.
- - - - ORPHANS REMOVED - - - -
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-26 11:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(912)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2009-11-26 11:33
ComboFix-quarantined-files.txt  2009-11-26 16:31
Pre-Run: 85,124,714,496 bytes free
Post-Run: 85,543,800,832 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - F325BFFBE073C296A9FD4073F2D80AB1
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 11/27/2009 8:02 AM (GMT +3)    Quote: Remove antivirus pro and/or other infections please? tyAlert an admin about: Remove antivirus pro and/or other infections please? ty
Open notepad and copy/paste the bold text in the codebox below into it:
Name the file as CFScript
and Save it on the desktop
 
Code:
Killall::
Snapshot::
File::
c:\windows\system32\e244b8de60491926380db35e44121e6e.sys
Rootkit::
c:\windows\system32\e244b8de60491926380db35e44121e6e.sys
Dirlook::
c:\documents and settings\Marnie\Local Settings\Application Data\iqvost
c:\program files\ahdosw
Tasks::
Driver::
e244b8de60491926380db35e44121e6e
 
 
Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe.
 
 
Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please post it to your next reply
 


Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.

Back to Top
 

drakan3187
New Member


Date Joined Nov 2009
Total Posts : 4
 
   Posted 11/28/2009 9:49 PM (GMT +3)    Quote: Remove antivirus pro and/or other infections please? tyAlert an admin about: Remove antivirus pro and/or other infections please? ty
ComboFix 09-11-27.07 - Marnie 11/28/2009 12:25.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.511.243 [GMT -5:00]
Running from: c:\documents and settings\Marnie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Marnie\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
FILE ::
"c:\windows\system32\e244b8de60491926380db35e44121e6e.sys"
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Marnie\My Documents\ZbThumbnail.info
C:\LOG.TXT
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_E244B8DE60491926380DB35E44121E6E
-------\Service_e244b8de60491926380db35e44121e6e

(((((((((((((((((((((((((   Files Created from 2009-10-28 to 2009-11-28  )))))))))))))))))))))))))))))))
.
2009-11-21 18:03 . 2009-11-21 18:03 34816 ----a-w- c:\windows\system32\drivers\rootrepeal.sys
2009-11-21 17:50 . 2009-11-21 17:51 -------- d-----w- C:\rsit
2009-11-21 16:29 . 2009-11-21 16:29 -------- d-----w- c:\documents and settings\Marnie\Application Data\Malwarebytes
2009-11-21 16:28 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-21 16:28 . 2009-11-21 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-21 16:28 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 16:28 . 2009-11-21 16:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-21 16:23 . 2009-11-21 16:23 -------- d-----w- c:\program files\Trend Micro
2009-11-21 16:12 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-11-21 16:12 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-21 16:12 . 2008-04-13 19:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-11-21 16:12 . 2008-04-13 19:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-14 21:46 . 2009-11-21 17:42 -------- d-----w- c:\documents and settings\Marnie\Local Settings\Application Data\aamqsp
2009-11-09 23:57 . 2009-11-09 23:57 -------- d-----w- c:\documents and settings\Marnie\Local Settings\Application Data\Threat Expert
2009-11-09 23:44 . 2009-10-08 16:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-09 23:44 . 2009-10-08 16:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-09 23:44 . 2009-10-08 16:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-09 23:44 . 2009-10-08 16:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-09 23:44 . 2009-10-02 19:19 1152470 ----a-w- c:\windows\UDB.zip
2009-11-09 23:44 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2009-11-09 23:38 . 2009-09-24 13:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-09 23:37 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-09 23:37 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-09 23:37 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-09 23:36 . 2009-11-10 00:14 -------- d-----w- c:\program files\Spyware Doctor
2009-11-09 23:36 . 2009-11-09 23:45 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-09 23:36 . 2009-11-09 23:36 -------- d-----w- c:\documents and settings\Marnie\Application Data\PC Tools
2009-11-09 23:36 . 2009-11-09 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-08 14:01 . 2009-11-08 14:22 -------- d-----w- c:\documents and settings\Marnie\Local Settings\Application Data\iqvost
2009-11-01 15:18 . 2009-11-01 15:54 -------- d-----w- c:\program files\ahdosw
2009-11-01 11:00 . 2009-11-01 11:00 -------- d-----w- c:\documents and settings\Marnie\Local Settings\Application Data\Temp
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-28 17:38 . 2008-11-25 02:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-28 17:38 . 2008-03-28 10:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-25 04:37 . 2008-03-28 10:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-20 18:06 . 2009-10-20 18:06 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-17 00:00 . 2009-10-17 00:00 -------- d-----w- c:\documents and settings\Marnie\Application Data\vlc
2009-10-16 00:38 . 2009-10-16 00:36 -------- d-----w- c:\program files\Graboid
2009-10-16 00:37 . 2009-10-16 00:37 -------- d-----w- c:\program files\VideoLAN
2009-10-05 23:23 . 2009-10-05 23:23 -------- d-----w- c:\program files\Samsung
2009-10-05 23:22 . 2008-03-25 17:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-03 00:11 . 2009-10-03 00:11 -------- d-----w- c:\program files\Yontoo Layers Client
2009-10-03 00:11 . 2009-10-03 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2009-09-30 18:58 . 2008-02-18 19:38 9576 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL
2009-09-29 01:30 . 2009-10-03 00:11 108032 --s-a-r- c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
2009-09-29 01:30 . 2009-10-03 00:11 161792 --s-a-r- c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
2009-09-11 19:16 . 2008-03-28 10:17 37888 ----a-w- c:\documents and settings\Marnie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 . 2003-07-16 20:36 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 06:41 . 2009-10-03 00:11 224256 --s---r- c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
2009-09-10 20:11 . 2009-09-10 20:11 488968 ----a-w- c:\documents and settings\Marnie\Application Data\Real\Update\temp\~Upg0\setup.exe
2009-09-04 21:03 . 2003-07-16 20:35 58880 ----a-w- c:\windows\system32\msasn1.dll
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Marnie\Local Settings\Application Data\iqvost ----

---- Directory of c:\program files\ahdosw ----
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2009-09-25 19:22 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-07 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-07-08 20:47 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Marnie^Start Menu^Programs^Startup^MEMonitor.lnk]
path=c:\documents and settings\Marnie\Start Menu\Programs\Startup\MEMonitor.lnk
backup=c:\windows\pss\MEMonitor.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13848:TCP"= 13848:TCP:BitComet 13848 TCP
"13848:UDP"= 13848:UDP:BitComet 13848 UDP
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/9/2009 6:37 PM 207280]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/9/2009 6:44 PM 112592]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 2:37 PM 149352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/9/2004 12:30 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/29/2009 4:15 AM 102448]
S2 gupdate1c9e0bdb40deb2;Google Update Service (gupdate1c9e0bdb40deb2);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2009 7:24 PM 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 9:32 PM 23888]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2009-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-11-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-30 00:22]
2009-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 00:24]
2009-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 00:24]
2009-11-28 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-06-07 04:53]
2009-11-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]
2009-11-05 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pogo.com/home/home.do
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {E93E9DF0-3E59-4331-A269-F1E077C66F00} - hxxp://cnn-5.vo.llnwd.net/c1/static/client/browserplayer/gtplugin.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-28 13:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(908)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
- - - - - - - > 'explorer.exe'(3028)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\mshtml.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\nvsvc32.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\fxssvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-11-28 13:45 - machine was rebooted
ComboFix-quarantined-files.txt  2009-11-28 18:44
ComboFix2.txt  2009-11-26 16:33
Pre-Run: 85,579,821,056 bytes free
Post-Run: 85,785,939,968 bytes free
- - End Of File - - 4EB45CBD45349D58EF51C12589256E91
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 11/29/2009 8:24 AM (GMT +3)    Quote: Remove antivirus pro and/or other infections please? tyAlert an admin about: Remove antivirus pro and/or other infections please? ty
Delete these two folders:
c:\documents and settings\Marnie\Local Settings\Application Data\iqvost
c:\program files\ahdosw


Please post new hijackthis log and tell how things are running now ?


Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.

Back to Top
 

drakan3187
New Member


Date Joined Nov 2009
Total Posts : 4
 
   Posted 11/29/2009 7:42 PM (GMT +3)    Quote: Remove antivirus pro and/or other infections please? tyAlert an admin about: Remove antivirus pro and/or other infections please? ty
Haven't received any of the popups since we started but they were coming and going ususallly, so hopefully they are gone thanks to you. THe computer is still running on the slower end of the spectrum but don't know if that has to do with anything. Thank you for helping us out. It is greatly appreciated.
 
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:16 AM, on 11/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" -"http://www.shockwave.com/gamelanding/gutterball.jsp"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Family%20Feud%202/Images/stg_drm.ocx
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v5.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O16 - DPF: {E93E9DF0-3E59-4331-A269-F1E077C66F00} (GameTap Web Plugin) - http://cnn-5.vo.llnwd.net/c1/static/client/browserplayer/gtplugin.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9e0bdb40deb2) (gupdate1c9e0bdb40deb2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10610 bytes
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 12/2/2009 9:21 AM (GMT +3)    Quote: Remove antivirus pro and/or other infections please? tyAlert an admin about: Remove antivirus pro and/or other infections please? ty
Sorry for late reply.
 
 
Viewpoint is considered foistware and is not needed on your computer.
 
Download and unzip ViewpointKiller to own folder on Desktop - http://www.softpedia.com/progDownload/ViewpointKiller-Download-29172.html
Run ViewpointKiller.exe
 
Reboot.
 
 
Now your computer problems are solved, it is time for the clean-up procedure
You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.
 
 
Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe
Click on the CleanUp! button. You'll be asked if you want to Begin cleanup process? Select Yes.
This step removes the files, folders, and shortcuts created by the tools I had you download and run.
 
When done, you will be prompted to restart your computer. Please restart your computer.


Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.

Back to Top
 
New Topic Post reply to : Remove antivirus pro and/or other infections please? ty Printable version of : Remove antivirus pro and/or other infections please? ty
 
Forum Information
Currently it is Friday, August 29, 2014 8:14 AM (GMT +3)
There are a total of 60,579 posts in 13,313 threads.
In the last 3 days there were 1 new threads and 4 reply posts. View Active Threads
Who's Online
This forum has 36288 registered members. Please welcome our newest member, epoptpgo.
2 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Cheap Kitchen Liverpool (0)8/29/2014 3:11:59 AM (epoptpgo)
Blocking of sites (3)8/28/2014 8:06:23 AM (Dickens)
How to Transfer SMS from Android to Computer (8)8/26/2014 9:31:53 AM (PurSally)