Got rid of most of Antivirus System Pro.... not all of it

Post by jigga w00t on Wed Jul 01, 2009 6:26 am

Long story in fighting this one, every website I found had a different solution as far as the software to use. I'm hoping you guys can help me out before I screw things up too much. Firefox searches are still being hijacked, and I'm being sent to shopping websites...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:00 PM, on 6/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
E:\WINDOWS\system32\CTsvcCDA.EXE
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
F:\Program Files\McAfee\Common Framework\FrameworkService.exe
E:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
E:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\system32\rundll32.exe
F:\Program Files\McAfee\Common Framework\UdaterUI.exe
F:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\McAfee\Common Framework\McTray.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Java\jre6\bin\jusched.exe
E:\WINDOWS\system32\wuauclt.exe
F:\Creative\MediaSource\Detector\CTDetect.exe
F:\Linksys EasyLink Advisor\LinksysAgent.exe
E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Registry Mechanic\RegMech.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\notepad.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - f:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - E:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GBB36X Configure] E:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "F:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CTCheck] f:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] E:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ShStatEXE] "E:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Creative Detector] F:\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [EasyLinkAdvisor] "F:\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [CTSyncU.exe] "E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] f:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] E:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = E:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - f:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - f:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - [You must be registered and logged in to see this link.]
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - F:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - E:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - E:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - f:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - f:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8533 bytes

Re: Got rid of most of Antivirus System Pro.... not all of it

Post by Belahzur on Wed Jul 01, 2009 2:46 pm

Hello.

I see you have Viewpoint software installed.

Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". Read this article: [You must be registered and logged in to see this link.] and [You must be registered and logged in to see this link.]

I suggest you remove the program now.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint Manager (remove only)
  • Viewpoint Media Player
  • Viewpoint Toolbar

Next,

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


Please PM me if I fail to respond within 24hrs.


Re: Got rid of most of Antivirus System Pro.... not all of it

Post by jigga w00t on Wed Jul 01, 2009 3:21 pm

Ok, viewpoint manager is gone, here are the logs:


DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/18/2007 9:17:40 PM
System Uptime: 7/1/2009 7:23:16 AM (1 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | 965P-S3
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz | Socket 775 | 2400/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 21.21 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 69 GiB total, 50.243 GiB free.
F: is FIXED (NTFS) - 233 GiB total, 66.837 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP623: 4/2/2009 8:45:58 PM - System Checkpoint
RP624: 4/4/2009 9:19:48 PM - System Checkpoint
RP625: 4/6/2009 6:25:19 PM - System Checkpoint
RP626: 4/7/2009 7:24:04 PM - System Checkpoint
RP627: 4/9/2009 11:06:41 AM - System Checkpoint
RP628: 4/10/2009 12:15:49 PM - System Checkpoint
RP629: 4/11/2009 12:22:05 PM - System Checkpoint
RP630: 4/13/2009 12:16:29 PM - System Checkpoint
RP631: 4/14/2009 5:12:52 PM - System Checkpoint
RP632: 4/15/2009 11:22:41 AM - Software Distribution Service 3.0
RP633: 4/16/2009 9:17:58 PM - System Checkpoint
RP634: 4/18/2009 5:52:08 PM - System Checkpoint
RP635: 4/20/2009 9:59:39 AM - System Checkpoint
RP636: 4/21/2009 8:21:17 PM - System Checkpoint
RP637: 4/21/2009 10:54:49 PM - Software Distribution Service 3.0
RP638: 4/23/2009 8:38:21 PM - System Checkpoint
RP639: 4/27/2009 10:00:33 AM - System Checkpoint
RP640: 4/28/2009 10:10:38 PM - System Checkpoint
RP641: 4/30/2009 8:43:27 PM - System Checkpoint
RP642: 5/2/2009 9:37:13 AM - System Checkpoint
RP643: 5/3/2009 6:53:18 PM - System Checkpoint
RP644: 5/4/2009 7:51:30 PM - System Checkpoint
RP645: 5/5/2009 8:17:19 PM - System Checkpoint
RP646: 5/6/2009 9:05:18 PM - System Checkpoint
RP647: 5/8/2009 9:46:50 AM - System Checkpoint
RP648: 5/9/2009 6:52:32 PM - System Checkpoint
RP649: 5/10/2009 8:14:41 PM - System Checkpoint
RP650: 5/11/2009 10:08:43 PM - System Checkpoint
RP651: 5/12/2009 10:35:27 PM - System Checkpoint
RP652: 5/14/2009 12:03:48 AM - System Checkpoint
RP653: 5/14/2009 8:19:04 AM - Software Distribution Service 3.0
RP654: 5/18/2009 3:10:32 PM - System Checkpoint
RP655: 5/19/2009 10:09:56 PM - System Checkpoint
RP656: 5/20/2009 8:36:21 PM - Installed Realtek High Definition Audio Driver
RP657: 5/22/2009 9:11:52 AM - System Checkpoint
RP658: 5/23/2009 9:38:50 AM - System Checkpoint
RP659: 5/24/2009 9:18:57 PM - System Checkpoint
RP660: 5/26/2009 8:15:58 PM - System Checkpoint
RP661: 5/27/2009 10:17:48 PM - System Checkpoint
RP662: 5/28/2009 11:07:16 PM - System Checkpoint
RP663: 5/30/2009 2:00:08 PM - System Checkpoint
RP664: 5/31/2009 4:47:29 PM - System Checkpoint
RP665: 6/1/2009 5:07:53 PM - System Checkpoint
RP666: 6/2/2009 7:23:37 PM - System Checkpoint
RP667: 6/3/2009 8:01:37 PM - System Checkpoint
RP668: 6/5/2009 10:12:37 AM - System Checkpoint
RP669: 6/6/2009 6:40:24 PM - System Checkpoint
RP670: 6/7/2009 9:34:43 PM - System Checkpoint
RP671: 6/8/2009 10:06:26 PM - System Checkpoint
RP672: 6/10/2009 5:18:02 PM - System Checkpoint
RP673: 6/11/2009 3:00:14 AM - Software Distribution Service 3.0
RP674: 6/12/2009 3:12:20 AM - System Checkpoint
RP675: 6/13/2009 12:58:10 PM - System Checkpoint
RP676: 6/15/2009 3:23:30 PM - System Checkpoint
RP677: 6/17/2009 12:19:57 PM - System Checkpoint
RP678: 6/18/2009 10:37:24 AM - Software Distribution Service 3.0
RP679: 6/18/2009 11:40:46 PM - Installed Realtek High Definition Audio Driver
RP680: 6/19/2009 8:51:47 AM - Installed Realtek High Definition Audio Driver
RP681: 6/20/2009 4:16:23 PM - System Checkpoint
RP682: 6/22/2009 3:14:32 PM - System Checkpoint
RP683: 6/24/2009 3:38:20 PM - System Checkpoint
RP684: 6/25/2009 3:40:05 PM - System Checkpoint
RP685: 6/26/2009 4:28:59 PM - System Checkpoint
RP686: 6/27/2009 8:39:56 PM - System Checkpoint
RP687: 6/29/2009 8:25:38 PM - Removed McAfee VirusScan Enterprise
RP688: 6/29/2009 8:30:16 PM - Installed McAfee VirusScan Enterprise
RP689: 6/30/2009 10:43:05 PM - Installed Java(TM) 6 Update 14
RP690: 6/30/2009 10:47:40 PM - Removed Adobe Acrobat - Reader 6.0.2 Update
RP691: 6/30/2009 10:47:54 PM - Removed Adobe Acrobat and Reader 6.0.3 Update
RP692: 6/30/2009 10:48:13 PM - Removed Adobe Acrobat and Reader 6.0.4 Update
RP693: 6/30/2009 10:48:22 PM - Removed Adobe Acrobat and Reader 6.0.5 Update
RP694: 6/30/2009 10:48:47 PM - Removed Adobe Reader 6.0.1
RP695: 6/30/2009 10:58:13 PM - Installed Adobe Reader 9.1.
RP696: 6/30/2009 11:02:32 PM - Installed Windows Internet Explorer 8.
RP697: 6/30/2009 11:03:04 PM - Software Distribution Service 3.0
RP698: 7/1/2009 8:07:11 AM - Software Distribution Service 3.0

==== Installed Programs ======================

µTorrent
7-Zip 4.57
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player
Apple Software Update
Audacity 1.2.6
AudibleManager
AutoCAD 2006 - English
Autodesk DWF Viewer
AutoUpdate
Battlefield 2: Deluxe Edition
Calculator Powertoy for Windows XP
CAM UnZip 4.42
Canon S300
Counter-Strike(TM)
Creative MediaSource
Creative System Information
Creative ZEN
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Drivers Install For Linksys Easylink Advisor
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab Decrypter 3.0.7.5 Beta
DVDFab HD Decrypter 4.0.6.2
Gigabyte Raid Configurer
GTK+ Runtime 2.12.12 rev a (remove only)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iTunes
Java(TM) 6 Update 14
LightScribe 1.4.89.1
Linksys EasyLink Advisor 1.6 (0032)
LiveUpdate 3.0 (Symantec Corporation)
Logitech Gaming Software
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
McAfee AntiSpyware Enterprise Module
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2007
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Nero Suite
NVIDIA Drivers
PartyPoker
PhotoScape
Pidgin
QuickTime
RadLight 4.0 FINAL
RealPlayer
Realtek High Definition Audio Driver
Registry Easy v5.0
Registry Mechanic 8.0
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
SpeedFan (remove only)
Spybot - Search & Destroy
Spyware Doctor 6.0
Starcraft
Steam(TM)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip 12.0
WWP Demo
Yahoo! Companion
ZENcast Organizer

==== Event Viewer Messages From Past Week ========

7/1/2009 8:07:46 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd0000156: Cumulative Security Update for Internet Explorer 8 for Windows XP (KB969897).
6/30/2009 8:45:37 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/30/2009 11:03:37 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd0000156: Update for Internet Explorer 8 Dynamic Installer Compatibility View List for Windows XP (KB971930).
6/30/2009 11:03:37 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd0000156: Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows XP (KB969897).
6/29/2009 7:39:47 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
6/29/2009 5:28:45 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
6/29/2009 11:30:09 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================


Last edited by jigga w00t on Wed Jul 01, 2009 3:23 pm; edited 1 time in total

Re: Got rid of most of Antivirus System Pro.... not all of it

Post by jigga w00t on Wed Jul 01, 2009 3:21 pm

DDS (Ver_09-06-26.01) - NTFSx86
Run by Jig at 8:16:51.89 on Wed 07/01/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1202 [GMT -7:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
E:\WINDOWS\system32\spoolsv.exe
svchost.exe
E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
E:\WINDOWS\system32\CTsvcCDA.EXE
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
F:\Program Files\McAfee\Common Framework\FrameworkService.exe
E:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
E:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\System32\svchost.exe -k imgsvc
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\system32\rundll32.exe
F:\Program Files\McAfee\Common Framework\UdaterUI.exe
F:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\McAfee\Common Framework\McTray.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Java\jre6\bin\jusched.exe
F:\Creative\MediaSource\Detector\CTDetect.exe
F:\Linksys EasyLink Advisor\LinksysAgent.exe
E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Registry Mechanic\RegMech.exe
E:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\Program Files\Pidgin\pidgin.exe
F:\Program Files\SpeedFan\speedfan.exe
E:\Program Files\Mozilla Firefox\firefox.exe
F:\dds.pif

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - e:\program files\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - e:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - e:\program files\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Steam]
uRun: [Creative Detector] f:\creative\mediasource\detector\CTDetect.exe /R
uRun: [EasyLinkAdvisor] "f:\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [CTSyncU.exe] "e:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [SpybotSD TeaTimer] f:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RegistryMechanic] e:\program files\registry mechanic\RegMech.exe /H
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE e:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GBB36X Configure] e:\windows\system32\JMRaidTool.exe boot
mRun: [NeroFilterCheck] e:\windows\system32\NeroCheck.exe
mRun: [McAfeeUpdaterUI] "f:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [CTCheck] f:\program files\creative\creative zen\zen media explorer\CTCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [Media Codec Update Service] e:\program files\essentials codec pack\update.exe -silent
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ShStatEXE] "e:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SunJavaUpdateSched] "e:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - e:\program files\common files\autodesk shared\acstart16.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - [You must be registered and logged in to see this link.]
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;e:\windows\system32\drivers\PCTCore.sys [2009-6-30 130936]
R2 McAfeeFramework;McAfee Framework Service;f:\program files\mcafee\common framework\FrameworkService.exe [2008-2-24 104000]
R2 McShield;McAfee McShield;e:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
R2 McTaskManager;McAfee Task Manager;e:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
R3 mfeavfk;McAfee Inc.;e:\windows\system32\drivers\mfeavfk.sys [2009-6-29 72264]
R3 mfebopk;McAfee Inc.;e:\windows\system32\drivers\mfebopk.sys [2009-6-29 34152]
R3 mfehidk;McAfee Inc.;e:\windows\system32\drivers\mfehidk.sys [2009-6-29 168776]
S1 mferkdk;VSCore mferkdk;\??\f:\program files\mcafee\virusscan enterprise\mferkdk.sys --> f:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2009-5-20 1684736]
S3 sdAuxService;PC Tools Auxiliary Service;f:\program files\spyware doctor\pctsAuxs.exe [2009-6-30 348752]
S3 sdCoreService;PC Tools Security Service;f:\program files\spyware doctor\pctsSvc.exe [2009-6-30 1095560]
S3 TCCrystalCpuInfo;TCCrystalCpuInfo; [x]

=============== Created Last 30 ================

2009-06-30 23:06 --dsh--- e:\documents and settings\jig\IETldCache
2009-06-30 23:01 -cd-h--- e:\windows\ie8
2009-06-30 22:43 410,984 a------- e:\windows\system32\deploytk.dll
2009-06-30 22:43 73,728 a------- e:\windows\system32\javacpl.cpl
2009-06-30 21:45 --d----- E:\QUARANTINE
2009-06-30 21:28 159,600 a------- e:\windows\system32\drivers\pctgntdi.sys
2009-06-30 21:28 130,936 a------- e:\windows\system32\drivers\PCTCore.sys
2009-06-30 21:28 73,840 a------- e:\windows\system32\drivers\PCTAppEvent.sys
2009-06-30 21:28 64,392 a------- e:\windows\system32\drivers\pctplsg.sys
2009-06-30 21:28 --d----- e:\program files\common files\PC Tools
2009-06-30 21:28 --d----- e:\docume~1\jig\applic~1\PC Tools
2009-06-30 21:28 --d----- e:\docume~1\alluse~1\applic~1\PC Tools
2009-06-30 21:04 --d----- e:\documents and settings\jig\DoctorWeb
2009-06-30 19:43 --d----- e:\docume~1\jig\applic~1\Malwarebytes
2009-06-30 19:43 38,160 a------- e:\windows\system32\drivers\mbamswissarmy.sys
2009-06-30 19:43 19,096 a------- e:\windows\system32\drivers\mbam.sys
2009-06-30 19:43 --d----- e:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-29 21:59 42 a------- e:\windows\system32\RegistryEasy.lie
2009-06-29 21:52 --d-h--- e:\windows\system32\GroupPolicy
2009-06-29 20:30 168,776 a------- e:\windows\system32\drivers\mfehidk.sys
2009-06-29 20:30 72,264 a------- e:\windows\system32\drivers\mfeavfk.sys
2009-06-29 20:30 64,360 a------- e:\windows\system32\drivers\mfeapfk.sys
2009-06-29 20:30 52,136 a------- e:\windows\system32\drivers\mfetdik.sys
2009-06-29 20:30 34,152 a------- e:\windows\system32\drivers\mfebopk.sys
2009-06-29 20:30 --d----- e:\program files\McAfee
2009-06-29 20:30 --d----- e:\program files\common files\McAfee
2009-06-29 18:26 --dsh--- e:\windows\System Volume Information

==================== Find3M ====================

2009-06-06 17:29 189,472 a------- e:\windows\system32\PnkBstrB.exe
2009-06-06 17:02 138,168 a------- e:\windows\system32\drivers\PnkBstrK.sys
2009-06-02 18:02 5,085,184 a------- e:\windows\system32\drivers\RtkHDAud.sys
2009-05-21 14:01 17,881,600 a------- e:\windows\RTHDCPL.EXE
2009-05-14 15:21 36,864 a------- e:\windows\system32\RtkCoInstXP.dll
2009-05-07 08:32 345,600 a------- e:\windows\system32\localspl.dll
2009-04-17 05:26 1,847,168 a------- e:\windows\system32\win32k.sys
2009-04-16 17:23 540,672 a------- e:\windows\RtlExUpd.dll
2009-04-15 07:51 585,216 a------- e:\windows\system32\rpcrt4.dll
2009-04-07 16:30 75,064 a------- e:\windows\system32\PnkBstrA.exe

============= FINISH: 8:17:18.09 ===============

Re: Got rid of most of Antivirus System Pro.... not all of it

Post by Belahzur on Wed Jul 01, 2009 3:27 pm

I see that you are running uTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • uTorrent
  • 7-Zip 4.57
  • Registry Easy v5.0
  • Registry Mechanic 8.0

If you still use 7zip, I want you to download the newest version from here:
[You must be registered and logged in to see this link.]

Download and install 4.65

The logs look fine, how is the machine running?


Re: Got rid of most of Antivirus System Pro.... not all of it

Post by jigga w00t on Wed Jul 01, 2009 4:52 pm

Machine's running fine. I decided to completely uninstall firefox, then reinstall. It seems to have worked, for now. I haven't had any recent search engine (google) hijacks.

Thanks for looking things over! I removed the programs you suggested.

Some people that had this problem fixed things temporarily, it just seemed to come back. I hope they don't, but if they do, I'll be looking forward to your assistance.
