Antivirus System Pro Hijack


Antivirus System Pro Hijack

Post by swestm3 on Sat Jul 18, 2009 12:09 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:48 PM, on 9/24/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\LenovoTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LenovoTray] C:\Windows\LenovoTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - [You must be registered and logged in to see this link.]
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} (Launch Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E7F2A7C5-E0FA-48F7-9893-DF78DDF131F2} (MC3LibControl.TclControl) - [You must be registered and logged in to see this link.]
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Lenovo - (no file)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15155 bytes

swestm3
Beginner

Posts : 3
Joined : 2009-07-17
Gender : Male
OS : vista
Points : 26995
# Likes : 0

Re: Antivirus System Pro Hijack

Post by Origin on Sat Jul 18, 2009 12:15 am

Hello swestm3,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP.
  • If you have any cracked/pirated software on your computer, delete it or we will not help you.
  • Only follow advice from Geek Police Staff and not a regular member.
  • Do NOT run any tool without Geek Police supervision, as it could render your system useless.


  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll



  • Press "Fix Checked"
  • Close Hijack This.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31483
# Likes : 0
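The helper's reply above picks individual entry lines out of a HijackThis log by hand. As an added example (not HijackThis code and not the helper's own procedure), the following parser reads the `R0/R1/O1/O2/O3/O23` entry lines of such a log and flags the ones that match a constructed review policy: blank IE start/search values, any hosts-file entry, BHO/toolbar CLSIDs on a review list, and services whose file is missing. The sample log is constructed from a few lines of the posted log with the URLs the forum hid replaced by a placeholder; the review list holding the Ask BHO/toolbar CLSIDs is an assumption for the example, not a verdict taken from the page. The `(no file)` service check goes beyond what the helper selected.

```python
"""Parse HijackThis entry lines and flag those matching a simple review policy."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Entry lines start with a section code (R0, R1, O2, O23 ...) followed by " - ".
_ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# CLSIDs appear in braces on BHO, toolbar, DPF and protocol entries.
_CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class HjtEntry:
    code: str              # section code, e.g. "R0" or "O2"
    body: str              # everything after "<code> - "
    clsid: Optional[str]   # upper-cased CLSID if the entry carries one
    value: Optional[str]   # right-hand side of "key = value" on R0/R1 entries
    raw: str               # the original line, for reporting


def parse_entry(line: str) -> Optional[HjtEntry]:
    """Return an HjtEntry for an entry line, or None for headers/process lines."""
    line = line.rstrip("\r\n")
    m = _ENTRY_RE.match(line)
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    c = _CLSID_RE.search(body)
    clsid = c.group(0).upper() if c else None
    value = None
    if code.startswith("R"):
        # "key = value"; a trailing " =" with nothing after it is a blank value.
        _key, sep, rhs = body.partition(" =")
        value = rhs.strip() if sep else None
    return HjtEntry(code, body, clsid, value, line)


def triage(log_text: str, review_clsids: Set[str]) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for entries an analyst should look at."""
    hits: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reason = None
        if e.code in ("R0", "R1") and e.value == "":
            reason = "blank IE start/search value"
        elif e.code == "O1":
            reason = "hosts file entry"
        elif e.code in ("O2", "O3") and e.clsid in review_clsids:
            reason = "CLSID on review list"
        elif e.code == "O23" and e.body.endswith("(no file)"):
            reason = "service points to a missing file"
        if reason:
            hits.append((reason, e.raw))
    return hits


# Constructed sample: lines taken from the posted log, URLs replaced by a placeholder.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Lenovo - (no file)
"""

# Assumed review list for the example (the two Ask CLSIDs from the posted log).
REVIEW_CLSIDS = {
    "{201F27D4-3704-41D6-89C1-AA35E39143ED}",
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}",
}

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG, REVIEW_CLSIDS):
        print(f"[{reason}] {line}")
```

The output is a review list, not a fix list: the `ProxyOverride = *.local` entry the helper chose is not caught by the blank-value rule, and a Spybot BHO with a CLSID not on the list is passed over, so an analyst still reads each flagged line against the rest of the log before deciding what to fix.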

Antivirus System Pro Hijack

Post by swestm3 on Sat Jul 18, 2009 1:53 am

ComboFix 09-07-14.08 - Maintenance 07/17/2009 20:37.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1341 [GMT -4:00]
Running from: c:\users\Maintenance\Desktop\Combo-Fix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Antispyware *enabled* (Updated) {F9D66A85-075E-43E0-9271-7C1551AAA4F2}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-404032605-3506218986-341512082-1002
c:\$recycle.bin\S-1-5-21-404032605-3506218986-341512082-1003
c:\$recycle.bin\S-1-5-21-833822272-2447228217-3246833282-500
c:\windows\Installer\1359590.msp
c:\windows\Installer\137b3c0e.msp
c:\windows\Installer\13de1e.msi
c:\windows\Installer\1800ce.msi
c:\windows\Installer\1aac8f2.msp
c:\windows\Installer\1efebd.msp
c:\windows\Installer\23ec28f.msp
c:\windows\Installer\2def0f3.msi
c:\windows\Installer\3046d8b.msi
c:\windows\Installer\51df744.msp
c:\windows\Installer\6106602.msp
c:\windows\Installer\6126382.msp
c:\windows\Installer\6a25987.msi
c:\windows\Installer\6a40984.msi
c:\windows\Installer\6b636ac.msp
c:\windows\Installer\a44483b.msp
c:\windows\Installer\b7f9eb.msi
c:\windows\Installer\ffc7fd1.msi
c:\windows\MailSwitch.ocx

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT


((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.

2009-07-18 00:51 . 2009-07-18 01:00 -------- d-----w- c:\users\Maintenance\AppData\Local\temp
2009-07-18 00:51 . 2009-07-18 00:51 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-07-15 03:05 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 03:05 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 03:05 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 03:05 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 03:05 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 01:59 . 2009-07-15 01:59 -------- d-----w- c:\program files\bfgclient
2009-07-15 01:56 . 2009-07-15 22:11 -------- d-----w- C:\BigFishGamesCache
2009-07-07 00:47 . 2009-07-07 00:47 -------- d-----w- c:\programdata\{3D289CAC-AD9F-45d9-9D36-524EB7B6C958}
2009-07-07 00:47 . 2009-07-07 00:47 -------- d-----w- c:\program files\Lenovo Hard Drive Quick Test
2009-07-05 19:57 . 2009-07-09 01:59 -------- d-----w- c:\users\Maintenance\Tracing
2009-07-05 19:56 . 2009-07-05 19:56 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-07-05 19:56 . 2009-02-06 22:08 55280 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-07-05 19:55 . 2009-07-05 19:55 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-07-05 19:53 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-07-05 19:53 . 2009-07-05 19:53 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-05 19:52 . 2009-07-05 19:52 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-05 19:03 . 2009-07-05 19:03 -------- d-sh--w- C:\found.000
2009-07-01 13:40 . 2009-07-01 13:40 20 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\bases\apu\ForDiff\apu0003.dat.com
2009-06-26 11:20 . 2009-07-05 19:52 -------- d-----w- c:\program files\Microsoft
2009-06-23 22:18 . 2009-06-23 22:55 -------- d-----w- c:\users\Maintenance\AppData\Roaming\Motive
2009-06-23 22:15 . 2009-06-23 22:16 -------- d-----w- c:\program files\Common Files\Motive
2009-06-23 22:15 . 2009-06-23 22:31 -------- d-----w- c:\programdata\Motive
2009-06-23 22:15 . 2009-06-23 22:16 -------- d-----w- c:\program files\ATT-SST

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 01:01 . 2008-12-31 04:25 -------- d-----w- c:\programdata\Kaspersky Lab
2009-07-18 00:56 . 2008-12-27 15:18 720 ----a-w- c:\programdata\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-07-18 00:53 . 2008-12-31 04:25 5816864 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-18 00:53 . 2008-12-31 04:25 5616 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-18 00:53 . 2008-12-31 04:25 46524 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-18 00:53 . 2008-12-31 04:25 1327136 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-18 00:53 . 2008-04-09 13:18 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-18 00:47 . 2008-04-01 15:54 -------- d-----w- c:\users\Maintenance\AppData\Roaming\Skype
2009-07-17 20:20 . 2008-09-15 16:16 -------- d-----w- c:\programdata\Google Updater
2009-07-15 07:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 07:02 . 2007-08-29 21:39 -------- d-----w- c:\programdata\Microsoft Help
2009-07-15 02:00 . 2008-06-09 03:58 -------- d-----w- c:\program files\Hidden Expedition - Everest
2009-07-11 23:13 . 2008-04-20 12:46 -------- d-----w- c:\program files\Perfect Uninstaller
2009-07-07 18:48 . 2008-04-13 21:54 -------- d-----w- c:\program files\Glary Utilities
2009-07-07 13:42 . 2007-08-27 00:12 -------- d-----w- c:\program files\InterVideo
2009-07-07 13:41 . 2008-04-07 00:20 262144 ----a-w- C:\ntuser.dat
2009-07-07 12:14 . 2007-08-27 00:02 -------- d-----w- c:\program files\ThinkVantage
2009-07-07 12:14 . 2007-08-26 23:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-06 00:11 . 2007-09-09 05:50 -------- d-----r- c:\program files\Skype
2009-07-06 00:11 . 2007-09-09 05:50 -------- d-----w- c:\programdata\Skype
2009-07-05 19:56 . 2007-10-07 00:52 -------- d-----w- c:\program files\Windows Live
2009-07-02 14:56 . 2008-04-07 22:36 -------- d-----w- c:\users\Maintenance\AppData\Roaming\U3
2009-06-14 12:31 . 2008-12-10 17:44 -------- d-----w- c:\program files\Lx_cats
2009-06-11 20:33 . 2009-06-11 20:33 104512 ------w- c:\windows\system32\drivers\AnyDVD.sys
2009-06-09 00:05 . 2009-06-09 00:05 758088 ------w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-07 01:29 . 2007-08-26 23:43 -------- d-----w- c:\program files\Lenovo
2009-06-01 16:50 . 2007-08-27 00:06 -------- d-----w- c:\programdata\Lenovo
2009-06-01 16:50 . 2007-08-27 00:02 -------- d-----w- c:\program files\Common Files\Lenovo
2009-06-01 16:49 . 2009-01-14 22:10 -------- d-----w- c:\users\Maintenance\AppData\Roaming\Downloaded Installations
2009-05-30 21:52 . 2008-05-10 23:49 -------- d-----w- c:\program files\PCDR5
2009-05-30 21:51 . 2009-01-14 22:17 -------- d-----w- c:\programdata\PCDr
2009-05-28 19:38 . 2009-05-28 19:38 673280 ------w- c:\windows\is-6THGQ.exe
2009-05-27 12:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-27 12:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-27 12:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-27 12:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-27 12:37 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-27 12:30 . 2006-11-02 12:37 37665 ------w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-05-25 12:01 . 2009-05-25 12:01 89256 ------w- c:\windows\system32\ElbyCDIO.dll
2009-05-20 14:11 . 2008-12-31 04:26 94643 ------w- c:\windows\system32\drivers\klick.dat
2009-05-20 14:11 . 2008-12-31 04:26 105395 ------w- c:\windows\system32\drivers\klin.dat
2009-05-16 04:59 . 2009-05-16 04:59 416128 ------w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-11 18:58 . 2008-06-22 12:15 1 ------w- c:\users\Maintenance\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-09 05:50 . 2009-06-10 20:52 915456 ------w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 20:52 71680 ------w- c:\windows\system32\iesetup.dll
2009-05-02 20:11 . 2009-05-02 20:11 64837216 ------w- c:\programdata\PC Drivers HeadQuarters\Driver Detective\Downloads\7vwv23ww.exe
2009-04-23 12:15 . 2009-06-10 20:46 784896 ------w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-10 20:47 623616 ------w- c:\windows\system32\localspl.dll
2009-04-22 01:31 . 2009-04-22 01:31 22016 ------w- c:\users\Maintenance\AppData\Roaming\Auslogics\Update\b0561c4d-37f0-4459-8395-d709ff18fb52\logs\autoupdater.exe
2009-04-21 11:39 . 2009-06-10 20:47 2034688 ------w- c:\windows\system32\win32k.sys
2007-08-27 03:30 . 2007-08-27 03:26 8192 --sh--w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))


Antivirus System Pro Hijack

Post by swestm3 on Sat Jul 18, 2009 1:59 am

The txt file was too long to send, so I sent some of the top portion. The Combofix eliminated the Antivirus System program and so far everything seems OK.

Thanks for the help.

Stuart


Re: Antivirus System Pro Hijack

Post by Origin on Sat Jul 18, 2009 7:44 pm

Please split the log into two or more posts if required; there could be some leftovers.

