Antivirus Pro


Post by tega_k on 2nd July 2009, 3:51 pm

I did all the updates you asked. I found the process that allows me to finally type without the constant pop-ups: I cancel out the sysguard.exe process every time I reboot... I cannot, however, get rid of the pesky bug, and here is what HijackThis came up with.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:20 AM, on 7/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\windows\ld11.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\lorna\LOCALS~1\Temp\winamp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\lorna\Local Settings\Temporary Internet Files\Content.IE5\RTQOB7R9\Hijack(GP)This[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 safesystem.microsoft.com
O1 - Hosts: 209.44.111.62 antiviraprof.com
O1 - Hosts: 209.44.111.62 [You must be registered and logged in to see this link.]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: C:\WINDOWS\system32\gsf83iujid.dll - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld11.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LowRiskFileTypes] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\lorna\LOCALS~1\Temp\zyy12.exe
O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\lorna\LOCALS~1\Temp\zyy12.exe
O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\lorna\LOCALS~1\Temp\winamp.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Scheduler.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11768 bytes


Re: Antivirus Pro

Post by Origin on 2nd July 2009, 4:52 pm

Hello tega_k,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP.
  • If you have any cracked/pirated software on your computer, delete it or we will not help you.
  • Only follow advice from Geek Police Staff, not from a regular member.
  • Do NOT run any tool without Geek Police supervision, as it could render your system useless.



  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 209.44.111.62 safesystem.microsoft.com
    O1 - Hosts: 209.44.111.62 antiviraprof.com
    O1 - Hosts: 209.44.111.62 antiviraprof.com
    O2 - BHO: C:\WINDOWS\system32\gsf83iujid.dll - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKCU\..\Run: [] C:\DOCUME~1\lorna\LOCALS~1\Temp\zyy12.exe
    O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\lorna\LOCALS~1\Temp\zyy12.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
    O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)

  • Press "Fix Checked".
  • Close HijackThis.


Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

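To show what the selection above keys on, here is an added triage script (not from the post and not part of HijackThis) that runs the same checks over lines copied from the posted log: hosts entries that point a name at a non-loopback address, autostarts living in Temp or directly in the Windows folder, the DisableRegedit policy, and registered components whose file is missing. The function names (triage, check_run and so on) are my own.

```python
"""Triage a HijackThis log for the kinds of entries flagged in this thread.

Added example, not code from the forum post or from HijackThis.
SAMPLE_LOG is constructed from lines of the log posted above.
"""
import re
from typing import List, Tuple

SAMPLE_LOG = r"""O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 safesystem.microsoft.com
O1 - Hosts: 209.44.111.62 antiviraprof.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: C:\WINDOWS\system32\gsf83iujid.dll - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld11.exe
O4 - HKCU\..\Run: [LowRiskFileTypes] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\lorna\LOCALS~1\Temp\zyy12.exe
O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\lorna\LOCALS~1\Temp\zyy12.exe
O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\lorna\LOCALS~1\Temp\winamp.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
"""

LOOPBACK = {"127.0.0.1", "::1"}
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")          # "O4 - <body>"
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[(.*?)\] (.*)$")  # "HKCU\..\Run: [name] target"
TEMP_RE = re.compile(r"\\temp\\", re.I)               # any ...\Temp\... path component
WINROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.I)  # exe directly in C:\Windows


def _exe_path(target: str) -> str:
    """Executable path from a Run value: strip quotes and anything after the .exe."""
    m = re.match(r'"?(.*?\.exe)', target, re.I)
    return m.group(1) if m else target.strip('"')


def check_hosts(body: str) -> List[str]:
    """O1: a non-loopback hosts entry silently overrides DNS for that name."""
    ip, _, host = body.partition(" ")
    if ip in LOOPBACK:
        return []
    if host.lower().endswith("microsoft.com"):
        return ["microsoft.com hostname redirected to %s" % ip]
    return ["hosts entry overrides DNS for %s -> %s" % (host, ip)]


def check_run(body: str) -> List[str]:
    """O4: Temp and the Windows root are unusual homes for legitimate autostarts."""
    m = RUN_RE.match(body)
    if not m:
        return []
    name, path = m.group(1), _exe_path(m.group(2))
    reasons = []
    if not name:
        reasons.append("autostart value with an empty name")
    if TEMP_RE.search(path):
        reasons.append("autostart launched from a temporary folder")
    if WINROOT_RE.match(path):
        reasons.append("executable placed directly in the Windows folder")
    return reasons


def check_policy(body: str) -> List[str]:
    """O7: restriction policies that get in the way of manual cleanup."""
    return ["Registry Editor disabled by policy"] if "DisableRegedit=1" in body else []


def check_component(body: str) -> List[str]:
    """O2/O3/O22: a registered component whose backing file cannot be found."""
    return ["registered component whose file is missing (deleted or hidden)"] if "(file missing)" in body else []


CHECKS = {"O1": check_hosts, "O4": check_run, "O7": check_policy,
          "O2": check_component, "O3": check_component, "O22": check_component}


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (log line, reasons) for every entry that trips at least one check."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O1":
            body = body[len("Hosts: "):]
        reasons = CHECKS.get(section, lambda b: [])(body)
        if reasons:
            findings.append((line, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print("%s\n    -> %s" % (entry, why))
```

The heuristics are deliberately narrow: a hosts entry for an intranet name or a vendor tool started from the Windows folder would also trip them, so the output is a review list, not a verdict.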

Re: Antivirus Pro

Post by tega_k on 2nd July 2009, 5:15 pm

How can I find the Trend Micro in my computer again?


Re: Antivirus Pro

Post by Origin on 2nd July 2009, 5:17 pm

Hello, from what I see you are running HijackThis from a temporary folder. This is not recommended; you can download it here, but save it into a folder like Program Files:

[You must be registered and logged in to see this link.]



Re: Antivirus Pro

Post by Belahzur on 2nd July 2009, 5:18 pm

Hello.
You were running it from temp files; you'll need to actually install it.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, run Origin's fix.


[edit]
Beaten. Ahahaha


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Antivirus Pro

Post by Origin on 2nd July 2009, 5:19 pm

LOL Banner you got me in the other one Goofy



Re: Antivirus Pro

Post by tega_k on 2nd July 2009, 5:34 pm

I did the system scan, checked the boxes and fixed the ones you told me to... I downloaded Malware but it will not open, and I have downloaded Malware but it will not open; I uninstalled and reinstalled, and it still will not work... what now?


Re: Antivirus Pro

Post by Origin on 2nd July 2009, 5:36 pm

I smell a Rootkit, please do the following:

1. If you are using Firefox, make sure that your download settings are as follows:

  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.



Re: Antivirus Pro

Post by tega_k on 2nd July 2009, 5:36 pm

Guess I repeated myself a bit, puter kept freezing up, LOL!!!


Re: Antivirus Pro

Post by tega_k on 2nd July 2009, 5:39 pm

I clicked run instead of save ..... can I do it again?


Re: Antivirus Pro

Post by Origin on 2nd July 2009, 5:40 pm

Yes you may.



Re: Antivirus Pro

Post by tega_k on 2nd July 2009, 6:30 pm

It did have a rootkit, you are so smart!!!!

ComboFix 09-07-01.04 - lorna 07/02/2009 14:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.307 [GMT -4:00]
Running from: c:\documents and settings\lorna\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\lorna\APPLIC~1\SpamBlocker
c:\docume~1\lorna\LOCALS~1\Temp\taskmgr.exe
c:\program files\spamblockerutility
c:\program files\spamblockerutility\SBTV\sbtv_kyf.dat
C:\Redemption.ECF
c:\windows\010112010146118114.dat
c:\windows\freddy49.exe
c:\windows\Installer\26a423b.msi
c:\windows\Installer\6dff615.msi
c:\windows\Installer\7056cf.msi
c:\windows\Installer\b77bf.msi
c:\windows\ld11.exe
c:\windows\sysguard.exe
c:\windows\system32\drivers\UACpygmmowuyybiqjdsm.sys
c:\windows\system32\iehelper.dll
c:\windows\system32\UACafrmtcklveufrcvsx.dll
c:\windows\system32\UACfdebsplrulkjucoge.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkdkalqxcbsqbykuhb.log
c:\windows\system32\UAClotnbgoebtgicddvh.dll
c:\windows\system32\UACmlmmhilqpcxdflojh.log
c:\windows\system32\UACueftrttvbutpnarwk.dat
c:\windows\system32\UACvjvurnmevpaaqdiin.dll
c:\windows\system32\UACwwoeutyfegcjanthi.log
c:\windows\system32\UACxngixdyywhdlvdfjb.dll
c:\windows\system32\wbem\proquota.exe

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.

2009-07-02 17:30 . 2009-07-02 17:30 1 ----a-w- c:\windows\123312sd345fdg.dat
2009-07-02 17:30 . 2009-07-02 17:36 1647 ----a-w- c:\windows\bf5087.dat
2009-07-02 17:20 . 2009-07-02 17:20 -------- d-----w- c:\program files\Trend Micro
2009-07-02 16:35 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-02 16:35 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-02 16:22 . 2009-07-02 16:22 1 ---h--w- c:\windows\bf23567.dat
2009-07-01 17:43 . 2009-07-01 17:43 -------- d-----w- c:\windows\system32\LogFiles
2009-07-01 14:37 . 2009-07-01 14:38 164 ----a-w- c:\windows\install.dat
2009-07-01 13:39 . 2009-07-01 13:39 2 ----a-w- c:\windows\0101120101465749.dat
2009-07-01 13:39 . 2009-07-01 13:39 2 ----a-w- c:\windows\0101120101465349.dat
2009-07-01 13:39 . 2009-07-01 13:39 33792 ----a-w- c:\windows\strt_1246455566.exe
2009-07-01 13:06 . 2009-07-01 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-01 13:06 . 2009-07-02 16:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-01 12:42 . 2009-07-01 12:42 -------- d-----w- c:\windows\system32\Dell
2009-06-30 02:52 . 2009-06-30 02:52 46 ----a-w- C:\p2hhr.bat
2009-06-30 02:51 . 2009-06-30 02:51 24576 ----a-w- C:\oxyyxwn.exe
2009-06-10 09:49 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 09:49 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 15:30 . 2005-11-26 23:39 -------- d-----w- c:\program files\Java
2009-07-02 15:19 . 2008-08-27 20:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-01 12:42 . 2005-11-26 23:25 -------- d-----w- c:\program files\Dell
2009-06-30 17:35 . 2007-01-25 12:27 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-06-30 14:23 . 2007-01-25 12:52 -------- d-----w- c:\program files\Verizon
2009-06-02 14:44 . 2009-06-02 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-02 13:42 . 2007-01-25 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-02 13:42 . 2005-12-09 01:35 -------- d-----w- c:\program files\Yahoo!
2009-06-01 16:45 . 2009-06-01 16:45 -------- d-----w- c:\program files\Usability Sciences
2009-05-26 23:50 . 2009-06-02 13:40 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-05-20 13:33 . 2009-02-13 18:00 56 --sh--r- c:\windows\system32\0F8EB504D8.sys
2009-05-20 13:33 . 2008-11-05 14:50 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-05-13 05:15 . 2004-08-10 18:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-10 18:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-10 18:51 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 18:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-15 68856]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-09-26 789616]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-11-26 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-26 98304]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"Motive SmartBridge"="c:\progra~1\Verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 438359]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2007-1-24 315392]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/20/2009 2:23 PM 55152]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 6:12 PM 10664]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-19 18:32]

2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-19 18:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-LowRiskFileTypes - c:\windows\sysguard.exe
HKLM-Run-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-sysfbtray - c:\windows\freddy49.exe
SafeBoot-WebrootSpySweeperService


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-02 14:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2364)
c:\windows\system32\WININET.dll
c:\progra~1\Verizon\SMARTB~1\SBHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-07-02 14:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-02 18:26

Pre-Run: 63,639,642,112 bytes free
Post-Run: 64,288,096,256 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

224 --- E O F --- 2009-06-11 07:05

tega_k
Novice

Posts : 17
Joined : 2009-07-01
Gender : Female
OS : Windows XP
Points : 27199
Likes : 0


Re: Antivirus Pro

Post by tega_k on 2nd July 2009, 6:35 pm

It gave me a pop-up saying rootkit detected and had me write down a bunch of things; do you want me to type all of those in also? It said it might need them at a later time but never asked for them again. I am also receiving an error from PEV.exe, PEV.CFexe and CF25755.exe saying corrupt file, all leading to "C:\$Mft is corrupt and unreadable"; it says to run the chkdsk utility?


Re: Antivirus Pro

Post by Belahzur on 2nd July 2009, 6:39 pm

Hello.

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    proquota.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
Likes : 1

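The :filefind step above locates every copy of a named file and reports its size, timestamps and MD5. The point of the check is comparison: do the copies agree with each other, and is there a live copy in system32 at all? As an added example for this page (not SystemLook's code, and not from either poster), here is that check in Python, run over a constructed directory tree that mimics the XP layout seen in the thread: i386, $NtServicePackUninstall$ and ServicePackFiles\i386 each hold a placeholder proquota.exe, and system32 has none. File contents and the temporary paths are constructed; no real Windows binaries are involved.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def md5_of(path, chunk_size=65536):
    """MD5 of a file, upper-case hex the way SystemLook prints it."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest().upper()


def filefind(name, roots):
    """Walk each root and return (path, size, md5) for every file whose name
    matches case-insensitively: the information SystemLook's :filefind reports."""
    target = name.lower()
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fn in files:
                if fn.lower() == target:
                    path = os.path.join(dirpath, fn)
                    hits.append((path, os.path.getsize(path), md5_of(path)))
    return sorted(hits)


def hash_groups(hits):
    """Group hit paths by digest; more than one group means the copies differ."""
    groups = defaultdict(list)
    for path, _size, digest in hits:
        groups[digest].append(path)
    return dict(groups)


def present_in(hits, directory):
    """True if one of the hits sits directly in `directory` (e.g. system32)."""
    wanted = os.path.normcase(os.path.normpath(directory))
    return any(os.path.normcase(os.path.dirname(p)) == wanted for p, _s, _d in hits)


def build_sample_tree(base):
    """Constructed stand-in for the XP layout in the thread. Contents are
    placeholder bytes, not real binaries; system32 deliberately lacks proquota.exe."""
    layout = {
        os.path.join("i386", "proquota.exe"): b"constructed: pre-SP3 build",
        os.path.join("WINDOWS", "$NtServicePackUninstall$", "proquota.exe"): b"constructed: pre-SP3 build",
        os.path.join("WINDOWS", "ServicePackFiles", "i386", "proquota.exe"): b"constructed: SP3 build",
        os.path.join("WINDOWS", "system32", "notepad.exe"): b"constructed: unrelated file",
    }
    for rel, data in layout.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo():
    """Run the check against the constructed tree and summarise what a responder
    looks at: how many copies, how many distinct builds, whether system32 has one."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        hits = filefind("proquota.exe", [base])
        return {
            "copies": len(hits),
            "distinct_hashes": len(hash_groups(hits)),
            "in_system32": present_in(hits, os.path.join(base, "WINDOWS", "system32")),
        }


if __name__ == "__main__":
    print(demo())
```

Two hash groups with three copies is the normal picture for a machine that went from the original install to SP3: the i386 and uninstall copies match each other, the ServicePackFiles copy is the newer build. What matters for the responder is the third value, whether the live copy in system32 exists at all, because that decides whether a replacement has to be copied in from the service pack cache.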

Re: Antivirus Pro

Post by tega_k on 2nd July 2009, 6:50 pm

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 14:49 on 02/07/2009 by lorna (Administrator - Elevation successful)

========== filefind ==========

Searching for "proquota.exe"
C:\i386\proquota.exe --a--- 50176 bytes [23:34 08/12/2005] [11:00 04/08/2004] 4D9D45A4370E0C2AD00C362B7118E2A4
C:\WINDOWS\$NtServicePackUninstall$\proquota.exe -----c 50176 bytes [17:12 08/09/2008] [11:00 04/08/2004] 4D9D45A4370E0C2AD00C362B7118E2A4
C:\WINDOWS\ServicePackFiles\i386\proquota.exe ------ 50176 bytes [19:20 03/09/2008] [00:12 14/04/2008] F6465A2EEF75468988A4FCF124148FA8

-=End Of File=-


Re: Antivirus Pro

Post by tega_k on 2nd July 2009, 6:56 pm

Should I uninstall Malwarebytes or keep it on my computer? I haven't tried to use it again since it didn't work the first time.


Re: Antivirus Pro

Post by Origin on 2nd July 2009, 7:03 pm

No, you will see that it works in a second.

Now open a new notepad file.
Input this into the notepad file:

FCopy::
C:\WINDOWS\ServicePackFiles\i386\proquota.exe | C:\WINDOWS\system32\proquota.exe

File::
c:\windows\123312sd345fdg.dat
c:\windows\bf5087.dat
c:\windows\bf23567.dat
c:\windows\0101120101465749.dat
c:\windows\0101120101465349.dat
c:\windows\strt_1246455566.exe
C:\p2hhr.bat
C:\oxyyxwn.exe
C:\0F8EB504D8.sys

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done (it will warn you if it wants to).
Post the resulting log back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31513
Likes : 0

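The CFScript above uses two ComboFix directives: FCopy:: takes "source | destination" pairs, and File:: lists files to delete. A responder who writes such scripts also wants to read one back and check it against the log ComboFix returns. As an added example for this page (not ComboFix's own code, and not from the poster), here is a small Python parser for those two sections plus a reconciliation of the File:: list against the "Other Deletions" block of the log posted later in this thread. The script text and the deletion list are copied from the thread; the parser and the reconciliation logic are the added part. ComboFix has other directives, and the assumption here is only that a line ending in "::" opens a section, which is what the two directives on the page show.

```python
# Script text and log excerpt copied from the thread above; the parser and the
# reconciliation are an added example, not ComboFix's own code.
CFSCRIPT = r"""
FCopy::
C:\WINDOWS\ServicePackFiles\i386\proquota.exe | C:\WINDOWS\system32\proquota.exe

File::
c:\windows\123312sd345fdg.dat
c:\windows\bf5087.dat
c:\windows\bf23567.dat
c:\windows\0101120101465749.dat
c:\windows\0101120101465349.dat
c:\windows\strt_1246455566.exe
C:\p2hhr.bat
C:\oxyyxwn.exe
C:\0F8EB504D8.sys
"""

# The "Other Deletions" block from the resulting ComboFix log.
COMBOFIX_DELETIONS = r"""
C:\oxyyxwn.exe
C:\p2hhr.bat
c:\windows\0101120101465349.dat
c:\windows\0101120101465749.dat
c:\windows\123312sd345fdg.dat
c:\windows\bf23567.dat
c:\windows\bf5087.dat
c:\windows\strt_1246455566.exe
"""


def parse_cfscript(text):
    """Split a CFScript into sections. A line ending in '::' names a directive
    (assumed convention, taken from the two directives on the page); each
    following non-blank line belongs to it until the next directive."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry outside any directive: {line!r}")
        sections[current].append(line)
    return sections


def fcopy_pairs(sections):
    """FCopy entries are 'source | destination'; return them as tuples."""
    pairs = []
    for entry in sections.get("FCopy", []):
        src, sep, dst = entry.partition("|")
        if not sep:
            raise ValueError(f"FCopy entry needs 'source | destination': {entry!r}")
        pairs.append((src.strip(), dst.strip()))
    return pairs


def _norm(path):
    # Windows paths are case-insensitive, and ComboFix echoes File:: entries quoted.
    return path.strip().strip('"').casefold()


def unreconciled_deletions(sections, deletions_text):
    """File:: entries that the log does not list under 'Other Deletions'."""
    deleted = {_norm(line) for line in deletions_text.splitlines() if line.strip()}
    return [p for p in sections.get("File", []) if _norm(p) not in deleted]


if __name__ == "__main__":
    script = parse_cfscript(CFSCRIPT)
    print("FCopy:", fcopy_pairs(script))
    print("not deleted:", unreconciled_deletions(script, COMBOFIX_DELETIONS))
```

Run against the thread's own data, the check reports one File:: entry with no matching deletion, C:\0F8EB504D8.sys. The log's Find3M section lists a file of that name under c:\windows\system32 rather than in the root of C:, which is the kind of discrepancy this reconciliation is meant to surface before the next script is written.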

Re: Antivirus Pro

Post by tega_k on 2nd July 2009, 7:31 pm

ComboFix 09-07-01.04 - lorna 07/02/2009 15:19.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.245 [GMT -4:00]
Running from: c:\documents and settings\lorna\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\lorna\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"C:\0F8EB504D8.sys"
"C:\oxyyxwn.exe"
"C:\p2hhr.bat"
"c:\windows\0101120101465349.dat"
"c:\windows\0101120101465749.dat"
"c:\windows\123312sd345fdg.dat"
"c:\windows\bf23567.dat"
"c:\windows\bf5087.dat"
"c:\windows\strt_1246455566.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\oxyyxwn.exe
C:\p2hhr.bat
c:\windows\0101120101465349.dat
c:\windows\0101120101465749.dat
c:\windows\123312sd345fdg.dat
c:\windows\bf23567.dat
c:\windows\bf5087.dat
c:\windows\strt_1246455566.exe

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\proquota.exe --> c:\windows\system32\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.


Still have error: CF11980.exe.... C:\$Mft is corrupt and unreadable


Re: Antivirus Pro

Post by Origin on 2nd July 2009, 7:39 pm

Hello, please post all the contents of the ComboFix log. If you do not remember where you saved it, it should be somewhere in your C:\ drive.




Re: Antivirus Pro

Post by tega_k on 2nd July 2009, 7:40 pm

ComboFix 09-07-01.04 - lorna 07/02/2009 15:19.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.245 [GMT -4:00]
Running from: c:\documents and settings\lorna\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\lorna\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"C:\0F8EB504D8.sys"
"C:\oxyyxwn.exe"
"C:\p2hhr.bat"
"c:\windows\0101120101465349.dat"
"c:\windows\0101120101465749.dat"
"c:\windows\123312sd345fdg.dat"
"c:\windows\bf23567.dat"
"c:\windows\bf5087.dat"
"c:\windows\strt_1246455566.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\oxyyxwn.exe
C:\p2hhr.bat
c:\windows\0101120101465349.dat
c:\windows\0101120101465749.dat
c:\windows\123312sd345fdg.dat
c:\windows\bf23567.dat
c:\windows\bf5087.dat
c:\windows\strt_1246455566.exe

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\proquota.exe --> c:\windows\system32\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.

2009-07-02 19:19 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-02 19:19 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-02 17:20 . 2009-07-02 17:20 -------- d-----w- c:\program files\Trend Micro
2009-07-02 16:35 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-02 16:35 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-01 17:43 . 2009-07-01 17:43 -------- d-----w- c:\windows\system32\LogFiles
2009-07-01 14:37 . 2009-07-01 14:38 164 ----a-w- c:\windows\install.dat
2009-07-01 13:06 . 2009-07-01 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-01 13:06 . 2009-07-02 16:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-01 12:42 . 2009-07-01 12:42 -------- d-----w- c:\windows\system32\Dell
2009-06-10 09:49 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 09:49 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 15:30 . 2005-11-26 23:39 -------- d-----w- c:\program files\Java
2009-07-02 15:19 . 2008-08-27 20:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-01 12:42 . 2005-11-26 23:25 -------- d-----w- c:\program files\Dell
2009-06-30 17:35 . 2007-01-25 12:27 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-06-30 14:23 . 2007-01-25 12:52 -------- d-----w- c:\program files\Verizon
2009-06-02 14:44 . 2009-06-02 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-02 13:42 . 2007-01-25 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-02 13:42 . 2005-12-09 01:35 -------- d-----w- c:\program files\Yahoo!
2009-06-01 16:45 . 2009-06-01 16:45 -------- d-----w- c:\program files\Usability Sciences
2009-05-26 23:50 . 2009-06-02 13:40 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-05-20 13:33 . 2009-02-13 18:00 56 --sh--r- c:\windows\system32\0F8EB504D8.sys
2009-05-20 13:33 . 2008-11-05 14:50 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-05-13 05:15 . 2004-08-10 18:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-10 18:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-10 18:51 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 18:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-15 68856]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-09-26 789616]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-11-26 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-26 98304]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"Motive SmartBridge"="c:\progra~1\Verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 438359]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2007-1-24 315392]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/20/2009 2:23 PM 55152]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 6:12 PM 10664]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-19 18:32]

2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-19 18:32]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-02 15:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-02 15:28
ComboFix-quarantined-files.txt 2009-07-02 19:27
ComboFix2.txt 2009-07-02 18:26

Pre-Run: 64,288,571,392 bytes free
Post-Run: 64,275,197,952 bytes free

170 --- E O F --- 2009-06-11 07:05


Ooops! LOL


Re: Antivirus Pro

Post by Origin on 2nd July 2009, 7:41 pm

No worries.

Please run another Malwarebytes quick scan and post all the contents of the log back here.




Re: Antivirus Pro

Post by tega_k on 2nd July 2009, 8:21 pm

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

7/2/2009 4:20:39 PM
mbam-log-2009-07-02 (16-20-32).txt

Scan type: Quick Scan
Objects scanned: 89729
Time elapsed: 5 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 13
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
c:\documents and settings\lorna\Application Data\SpamBlockerUtility_Icons (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\Application Data\SpamBlockerUtility (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\IESkins (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0 (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0\HostOI (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0\HostOI\dynamic (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0\HostOL (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0\HostOL\dynamic (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0\SpamBlockerUtility (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0\spamblockerutility\dynamic (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0\spamblockerutility\static (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0\spamblockerutility\static\1 (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0\spamblockerutility\static\2 (Adware.Hotbar) -> No action taken.

Files Infected:
c:\documents and settings\lorna\application data\spamblockerutility_icons\Registryrepair.ico (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility_icons\Software_Online_8.ico (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility_icons\wallpapere1.ico (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility.log (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1192732252.log (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1192985192.log (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1193452378.log (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1193677919.log (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1194365985.log (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1197410915.log (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1197764423.log (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1198184965.log (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1198866820.log (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1198882564.log (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1199289308.log (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1199409336.log (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1200186144.log (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1200712528.log (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1201395239.log (Adware.Hotbar) -> No action taken.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1201897572.log (Adware.Hotbar) -> No action taken.


Re: Antivirus Pro

Post by tega_k on 2nd July 2009, 8:28 pm

AND AFTER:

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

7/2/2009 4:27:13 PM
mbam-log-2009-07-02 (16-27-13).txt

Scan type: Quick Scan
Objects scanned: 89729
Time elapsed: 5 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 13
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\lorna\Application Data\SpamBlockerUtility_Icons (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\Application Data\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\IESkins (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0\HostOI (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0\HostOI\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0\HostOL (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0\HostOL\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0\spamblockerutility\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0\spamblockerutility\static (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0\spamblockerutility\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\v3.0\spamblockerutility\static\2 (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\lorna\application data\spamblockerutility_icons\Registryrepair.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility_icons\Software_Online_8.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility_icons\wallpapere1.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility.log (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1192732252.log (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1192985192.log (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1193452378.log (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1193677919.log (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1194365985.log (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1197410915.log (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1197764423.log (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1198184965.log (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1198866820.log (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1198882564.log (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1199289308.log (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1199409336.log (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1200186144.log (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1200712528.log (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1201395239.log (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lorna\application data\spamblockerutility\SpamBlockerUtility_1201897572.log (Adware.Hotbar) -> Quarantined and deleted successfully.

tega_k
Novice
Posts : 17
Joined : 2009-07-01
Gender : Female
OS : Windows XP
Points : 27199
# Likes : 0

Re: Antivirus Pro

Post by Belahzur on 2nd July 2009, 8:44 pm

Hello.

Malwarebytes' Anti-Malware 1.38
Database version: 2297

Please update to the latest database and re-run the scan.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1

Re: Antivirus Pro

Post by tega_k on 2nd July 2009, 9:00 pm

It looks like we've killed it?

Malwarebytes' Anti-Malware 1.38
Database version: 2365
Windows 5.1.2600 Service Pack 3

7/2/2009 4:59:57 PM
mbam-log-2009-07-02 (16-59-57).txt

Scan type: Quick Scan
Objects scanned: 93057
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Antivirus Pro

Post by Belahzur on 2nd July 2009, 9:02 pm

Nice work.
One last thing to do: post a new HijackThis log; there's something we missed and we need to kill it.





Re: Antivirus Pro

Post by tega_k on 2nd July 2009, 9:04 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:57 PM, on 7/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Scheduler.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9358 bytes


Re: Antivirus Pro

Post by Belahzur on 2nd July 2009, 9:05 pm

Ah, not there, MBAM removed it.

Click Start > Run, copy/paste the following text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?




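An added triage example, not part of this thread and not code from HijackThis or Malwarebytes: a small Python script that applies the checks a helper makes by eye on a log like the one above (executables running from a Temp directory, from user Application Data, or directly in the Windows root; startup shortcuts with an unresolved "= ?" target; O23 services whose binary is reported "(file missing)") and diffs a before/after log pair the way the helper did when asking for a fresh log. The sample log text, the "*_example.exe" paths and the "[Example]" Run key are constructed for the demo, not taken from the poster's machine.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample log excerpt, modelled on the thread's HijackThis output but NOT
# the poster's actual log: the "*_example.exe" paths and the "[Example]" Run key are invented.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\windows\rogue_example.exe
C:\DOCUME~1\user\LOCALS~1\Temp\dropper_example.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [Example] "C:\Documents and Settings\user\Application Data\example\svc.exe"
O4 - Startup: Scheduler.lnk = ?
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""

# Constructed "after cleanup" log: the same excerpt with the invented rogue entries gone,
# standing in for the fresh log a helper asks for after a Malwarebytes run.
CLEANED_LOG = "\n".join(l for l in SAMPLE_LOG.splitlines() if "example" not in l.lower())

# Locations a rogue "antivirus" payload typically runs from: user-writable directories,
# and the bare Windows root (genuine system binaries live in system32, not C:\WINDOWS\*.exe).
PATH_RULES = [
    (re.compile(r"\\temp\\", re.I), "executable in a Temp directory"),
    (re.compile(r"\\(application data|applic~1)\\", re.I), "executable under user Application Data"),
    (re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.I), "executable directly in the Windows root"),
]
# First drive-letter path ending in .exe on a line (process list, O4 target, O23 binary).
PATH_IN_LINE = re.compile(r'[a-z]:\\[^"]*?\.exe', re.I)


def flag_line(line: str) -> List[str]:
    """Reasons a single HijackThis line deserves a second look (empty list if none)."""
    reasons: List[str] = []
    if line.startswith("O23") and "(file missing)" in line:
        reasons.append("service entry points at a missing binary (leftover of a removed component)")
    if line.startswith("O4") and line.rstrip().endswith("= ?"):
        reasons.append("startup shortcut with unresolved target")
    m = PATH_IN_LINE.search(line)
    if m:
        for rx, why in PATH_RULES:
            if rx.search(m.group(0)):
                reasons.append(why)
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged log line to its reasons; clean lines are omitted."""
    findings: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reasons = flag_line(line)
            if reasons:
                findings[line] = reasons
    return findings


def diff_logs(old_text: str, new_text: str) -> Tuple[Set[str], Set[str]]:
    """(entries that disappeared, entries that appeared) between two logs, ignoring blanks."""
    old = {l.strip() for l in old_text.splitlines() if l.strip()}
    new = {l.strip() for l in new_text.splitlines() if l.strip()}
    return old - new, new - old


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print("FLAG:", entry, "->", "; ".join(why))
    removed, added = diff_logs(SAMPLE_LOG, CLEANED_LOG)
    print("\nGone after cleanup:", *sorted(removed), sep="\n  ")
    print("New after cleanup:", sorted(added) or "none")
    print("\nStill flagged after cleanup:", *triage(CLEANED_LOG), sep="\n  ")
```

The script reports rather than ranks: an O23 entry marked "(file missing)", like the two McAfee ones in the log above, is almost always a stale registration of an uninstalled or updated component and not the infection, while a process running from Temp or from C:\WINDOWS\*.exe is exactly the kind of entry a cleanup run should have removed, so the useful signal is which flagged lines survive from the old log into the new one.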

Re: Antivirus Pro

Post by tega_k on 2nd July 2009, 9:10 pm

It's running with no errors, Belahzur and Origin... MUCH appreciated!!!! The only weird thing happening is my McAfee keeps loading twice in the side tray, and when I put my mouse on it then poof, it's gone. If that's all I have to worry about then I'm ok!!!!

THANK YOU SOOOOO much!!!!!
