HOW TO REMOVE VBSMALWARE

Posted 9/19/2011 3:33 AM
#92324
NICELLE Member

Date Joined Nov 2016
Total Posts: 2
Hi..my computer is infected with VBS:Malware-gen virus...avast detects it..but can't delete it...pls help!!!

I ran Combofix and here is the log:
Posted 9/19/2011 1:46 PM
#92337
Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 427
Hi NICELLE,

Here is what you need to do:

1. Reboot your PC in Safe Mode with Networking
2. Download HijackThis from here http://free.antivirus.com/hijackthis/?page=download (the executable version) and run it. Choose the "Do a system scan and save a log file" option to perform your scan.
3. Provide me with a detailed description of your issue.
4. Post your Avast and HijackThis logs here.

Cheers!
Robert Mateescu
Senior Support Technician EN
support@bullguard.com
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security

You have a BullGuard related problem? Contact our Support team directly via Live Chat for immediate assistance: http://www.bullguard.com/support.aspx!
Posted 9/20/2011 9:27 AM
#92341
NICELLE Member

Date Joined Nov 2016
Total Posts: 2
Logfile of Trend Micro HijackThis v2.0.4
Posted 9/20/2011 11:35 AM
#92344
Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 427
Hi NICELLE,

I am afraid that you have not posted the Avira scanlog and a detailed description of your issue.
However, here is what you need to do:

1. Uninstall Bandoo.
2. Save the scanlog in which the infection is detected, then uninstall Avira, Avast and Best Spyware Protection.
3. Download and install a free trial of BullGuard Internet Security 10 from here: http://www.bullguard.com/try/bullguard-internet-security.aspx.
4. Reboot your PC in Safe Mode with Networking, update BullGuard and run a full computer scan.
5. Return with the log saved on the 2nd step and BullGuard scanlog.

Cheers!
Robert Mateescu
Senior Support Technician EN
support@bullguard.com
www.bullguard.com
