Antivirus 2009 Problem -Please Help!

Post by concept on Sun Jul 26, 2009 3:38 am

For 2 days now I've been trying to fix this issue. Normally I can figure it out by looking up other people's issues online, but this one I am at a halt and need help. I've tried renaming Malwarebytes and still haven't gotten it to run. I've run Noadware, CCleaner and Antivir already. Still Malwarebytes will not run or reinstall. Not only this, I've noticed iexplore.exe keeps opening on its own in the processes running. Please help me, thank you.


Logfile of HijackThis v1.99.1
Scan saved at 03:39, on 7/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Owner.FMO\Desktop\VundoFix.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: URLDetector Class - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: santa.bat
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Re: Antivirus 2009 Problem -Please Help!

Post by Doctor Inferno on Sun Jul 26, 2009 3:56 am

Hello,

You are using an old version of HijackThis, please get the latest version from here:

[You must be registered and logged in to see this link.]

And post the new log.



Re: Antivirus 2009 Problem -Please Help!

Post by concept on Sun Jul 26, 2009 3:57 am

When I go to save that, it says winlogon.exe


Re: Antivirus 2009 Problem -Please Help!

Post by concept on Sun Jul 26, 2009 4:01 am

I found it on another site. Here is the log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:02, on 7/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: URLDetector Class - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: santa.bat
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx1\PXAgent.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7275 bytes


Re: Antivirus 2009 Problem -Please Help!

Post by Belahzur on Sun Jul 26, 2009 1:32 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - Startup: santa.bat


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Antivirus 2009 Problem -Please Help!

Post by concept on Sun Jul 26, 2009 7:07 pm

Here's the issue that I presented in my first message: I have Malwarebytes, but it just won't open when I double-click it. It says it's open in the Task Manager, but it does not open; neither can ComboFix. And, in HijackThis, santa.bat cannot be fixed because it says it is running; however, there is no sign of it in the Task Manager for me to end the process.


Re: Antivirus 2009 Problem -Please Help!

Post by concept on Mon Jul 27, 2009 9:51 am

New log. Please help, as the people that have replied so far have not done much for me. Please help.


Logfile of HijackThis v1.99.1
Scan saved at 09:52, on 7/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: URLDetector Class - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: santa.bat
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Re: Antivirus 2009 Problem -Please Help!

Post by Belahzur on Mon Jul 27, 2009 11:56 am


  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: Antivirus 2009 Problem -Please Help!

Post by concept on Mon Jul 27, 2009 5:59 pm

ok here

1st Email Extractor
3GP Video Converter 3
3ivx D4 4.5.1 (remove only)
AC-3 ACM Codec
Account Creator
ACE Mega CoDecS Pack
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Stock Photos 1.0
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe® Photoshop® Album Starter Edition 3.2
AIM 6
Antares Auto-Tune v4.39
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Audacity 1.3.5 (Unicode)
Avira AntiVir Personal - Free Antivirus
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
BigFix
BlackBerry Desktop Software 4.6
BlackBerry Desktop Software 4.6
BlackBerry Device Software Updater
BlackBerry Device Software v4.5.0 for the BlackBerry 8300 smartphone
BlackBerry Device Software v4.5.0 for the BlackBerry 8300 smartphone
Boilsoft Video Joiner 5.24
Canon iP1700
Canon iP1700 User Registration
CCleaner (remove only)
Collab
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 3.3.2.100
Cypress USB Mass Storage Driver Installation
Defraggler (remove only)
Digital Media Reader
Digital Voice Editor 3
Diskeeper 2008 Pro Premier
DivX Converter
DivX Player
DivX Web Player
Dragon NaturallySpeaking 9 Recorder Edition
DVD Ripper Platinum 4
DVD Solution
DVDx
Easy Video Joiner 5.21
Easy-WebPrint
EVPmaker 2.5
FileASSASSIN
FL Studio 6
FL Studio 6.3 public beta
FL Studio 8
Flash DVD Ripper
FriendBlasterPro
FruityLoops Studio Producer Edition v5.02
Google Desktop
HijackThis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Internet Explorer 7 (KB947864)
IL Download Manager
ImTOO DVD Ripper Platinum 5
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 11
LimeWire PRO 5.1.2
Logitech QuickCam
Logitech QuickCam Driver Package
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MIKSOFT Mobile 3GP converter
Mozilla Firefox (3.0.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Napster Burn Engine
nCleaner second 2.3.4.0
neroxml
NoAdware v5.0
P2P Energy Toolbar
Pinnacle Instant DVD Recorder
Power Email Extractor Pro 3.4
Power2Go 4.0
PowerDVD
Prevx1
Pure Networks Port Magic
QuickTime
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RegCure 1.6.0.0
Registry Mechanic 8.0
Roxio Easy Media Creator 7
Safari
save2pc Light 3.21
ScummVM 0.11.1
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB958215)
Soft Data Fax Modem with SmartCP
Sonic Encoders
Sound Blaster Live! Web 2K/XP
SUPERAntiSpyware Free Edition
Uninstall 1.0.0.0
USB Storage Adapter FX (SM1)
VCRedistSetup
Viewpoint Media Player
Virtual DJ - Atomix Productions
Windows Internet Explorer 7
Windows Live installer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
WinPcap 3.1
WinRAR archiver
Xilisoft 3GP Video Converter


hijacks

Post by buterfli2024 on Mon Jul 27, 2009 6:35 pm

When I try to download it, it says unable to run.


Re: Antivirus 2009 Problem -Please Help!

Post by Origin on Tue Jul 28, 2009 1:03 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.



Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31503
# Likes : 0

Re: Antivirus 2009 Problem -Please Help!

Post by concept on Tue Jul 28, 2009 7:23 pm

It has to be in 2 posts because it's too big.

ComboFix 09-07-28.01 - Owner 07/28/2009 18:37.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.562 [GMT -4:00]
Running from: c:\documents and settings\Owner.FMO\Desktop\Combo-Fix.exe
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Kaspersky Anti-Virus 6.0 *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
c:\documents and settings\Owner.FMO\Desktop\YouTube -
c:\documents and settings\Owner.FMO\Desktop\YouTube - Eminem NEW SONG
c:\documents and settings\Owner.FMO\Desktop\YouTube - Eminem NEW SONG
c:\documents and settings\Owner.FMO\Desktop\YouTube -
c:\program files\Mozilla Firefox\extensions\{A5087C23-BEB0-413B-9136-7E6C6FAE6DAF}
c:\program files\Mozilla Firefox\extensions\{A5087C23-BEB0-413B-9136-7E6C6FAE6DAF}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{A5087C23-BEB0-413B-9136-7E6C6FAE6DAF}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{A5087C23-BEB0-413B-9136-7E6C6FAE6DAF}\install.rdf
c:\windows\Install.txt
c:\windows\Installer\966cfbc.msi
c:\windows\Installer\98c85ba.msi
c:\windows\Installer\ba0c7.msp
c:\windows\Installer\ba0dc.msp
c:\windows\Installer\ba10b.msp
c:\windows\is-OKQ31.exe
c:\windows\kb913800.exe
c:\windows\msa.exe
c:\windows\system32\3361
c:\windows\system32\3361\mlog
c:\windows\system32\certstore.dat
c:\windows\system32\drivers\msqpdxijdbrisd.sys
c:\windows\system32\drivers\UACkonawefikw.sys
c:\windows\system32\etoberow.ini
c:\windows\system32\FInstall.sys
c:\windows\system32\inf
c:\windows\system32\Install.txt
c:\windows\system32\msqpdxyapljtre.dll
c:\windows\system32\tmp0_537679405612.bk
c:\windows\system32\UACajgtdeqxrt.dll
c:\windows\system32\UACauvarxivso.dll
c:\windows\system32\UACdpjkguhcyb.db
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjduthasnwa.dat
c:\windows\system32\UACnsvwvgoxxg.dll
c:\windows\system32\UACphpuywjjdx.dll
c:\windows\system32\UACshgsmwfcfg.dll
c:\windows\system32\w32apiw.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSQPDXSERV.SYS
-------\Service_UACd.sys
-------\Legacy_AFISICX
-------\Legacy_TDCTXTE
-------\Service_afisicx
-------\Service_tdctxte
-------\Service_msqpdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.

2009-07-25 14:20 . 2009-07-25 14:20 -------- d-----w- c:\documents and settings\Owner.FMO\Application Data\Template
2009-07-24 13:36 . 2009-07-24 20:17 -------- d-----w- C:\Malwarebytes Anti-Malware v1.39
2009-07-22 22:19 . 2009-07-22 22:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\RegCure
2009-07-22 21:57 . 2009-07-22 21:57 -------- d-----w- c:\program files\nsgbrf
2009-07-08 17:40 . 2009-07-24 12:39 -------- d-----w- c:\program files\HooTech
2009-07-07 03:05 . 2009-07-07 03:05 -------- d-----w- c:\documents and settings\Owner.FMO\Application Data\AVS4YOU
2009-07-07 03:05 . 2009-07-07 03:05 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVS4YOU
2009-07-07 02:59 . 2009-07-07 03:02 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-07-07 02:59 . 2009-07-07 03:03 -------- d-----w- c:\program files\AVS4YOU

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 23:01 . 2009-05-22 18:47 256 ----a-w- c:\windows\system32\pool.bin
2009-07-28 22:56 . 2009-01-25 01:06 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-07-28 22:56 . 2009-01-25 01:06 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-07-28 22:54 . 2007-01-30 03:15 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000003-00001102-00000002-00211102}.dat
2009-07-28 22:54 . 2007-01-30 03:15 24 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000003-00001102-00000002-00211102}.dat
2009-07-28 02:31 . 2008-07-04 20:06 -------- d-----w- c:\documents and settings\Owner.FMO\Application Data\LimeWire
2009-07-27 06:03 . 2006-10-26 17:24 -------- d-----w- c:\program files\FriendBlasterPro
2009-07-25 22:23 . 2006-10-26 01:08 -------- d-----w- c:\program files\Prevx1
2009-07-24 20:20 . 2008-09-10 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 19:55 . 2007-05-10 22:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-24 19:55 . 2007-05-10 22:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-24 15:31 . 2008-12-16 19:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-24 13:32 . 2006-12-27 23:35 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-24 12:38 . 2006-10-28 22:05 -------- d-----w- c:\program files\Image-Line
2009-07-24 12:36 . 2009-05-30 23:05 -------- d-----w- c:\program files\ASIO4ALL v2
2009-07-24 06:27 . 2006-12-26 18:40 -------- d-----w- c:\documents and settings\Owner.FMO\Application Data\Vso
2009-07-24 05:54 . 2009-07-24 05:54 1176712 ----a-w- c:\windows\system32\xa.tmp
2009-07-23 02:24 . 2006-10-22 21:56 -------- d-----w- c:\program files\AIM
2009-07-23 02:23 . 2006-10-22 21:57 -------- d-----w- c:\documents and settings\Owner.FMO\Application Data\Aim
2009-07-22 22:19 . 2009-01-06 19:44 -------- d-----w- c:\program files\RegCure
2009-07-13 17:36 . 2008-09-10 17:39 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2008-09-10 17:39 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-08 17:45 . 2008-03-07 07:54 -------- d-----w- c:\program files\Xilisoft
2009-07-08 17:34 . 2006-11-15 23:17 -------- d-----w- c:\documents and settings\Owner.FMO\Application Data\Audacity
2009-06-14 03:40 . 2009-06-14 03:40 -------- d-----w- c:\program files\JL_Cmder
2009-06-14 02:13 . 2009-06-14 02:13 256 ----a-w- c:\documents and settings\Owner.FMO\pool.bin
2009-06-14 01:58 . 2009-05-22 07:33 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-06-05 18:46 . 2009-06-05 18:46 -------- d-----w- c:\documents and settings\Owner.FMO\Application Data\Xilisoft Corporation
2009-05-30 23:04 . 2009-05-30 23:04 -------- d-----w- c:\program files\Outsim
2009-05-28 02:42 . 2008-09-06 19:38 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-28 00:27 . 2009-03-28 17:14 73764 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-27 01:27 . 2006-06-19 04:25 106392 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-01-14 21:14 . 2009-01-14 15:04 3353773 ----a-w- c:\program files\intro.mp3
2009-01-11 20:55 . 2009-01-11 20:54 3869031 ----a-w- c:\program files\phantomwoah.mp3
2009-01-06 16:06 . 2009-01-06 16:06 128019 ----a-w- c:\program files\bb.mp3
2008-11-20 00:03 . 2008-11-19 22:33 12869925 ----a-w- c:\program files\phonecall.mp3
2008-10-18 18:59 . 2008-10-18 18:59 4385854 ----a-w- c:\program files\special - blood manor.zip
2008-10-16 17:46 . 2008-10-16 17:45 4447331 ----a-w- c:\program files\blood manor 5.mp3
2008-10-16 17:44 . 2008-10-16 17:43 4474436 ----a-w- c:\program files\special - blood manor.mp3
2008-10-16 17:41 . 2008-10-16 17:40 4537403 ----a-w- c:\program files\blood manor 3.mp3
2008-10-16 17:38 . 2008-10-16 17:37 4308053 ----a-w- c:\program files\blood manor2.mp3
2008-10-16 17:26 . 2008-10-16 17:25 4568652 ----a-w- c:\program files\Blood Manor1.mp3
2006-11-05 23:40 . 2006-11-05 23:39 3309887 ----a-w- c:\program files\fab.mp3
2003-08-27 18:19 . 2007-05-15 01:47 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2009-07-22 23:41 . 2008-06-30 18:52 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2006-11-12 08:23 . 2006-10-26 00:50 9515552 --sha-w- c:\windows\system32\drivers\fidbox.dat
2006-11-12 05:22 . 2006-10-26 00:50 262688 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2009-06-25 1578736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-04-16 259624]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2005-12-21 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 136600]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-05 16120832]
"WINDVDPatch"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2002-07-02 24576]

c:\documents and settings\Owner.FMO\Start Menu\Programs\Startup\
santa.bat [2009-5-26 196]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-2-13 1512720]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.FMO^Start Menu^Programs^Startup^Adobe Gamma.lnk.disabled]
backup=c:\windows\pss\Adobe Gamma.lnk.disabledStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.FMO^Start Menu^Programs^Startup^LimeWire Turbo Accelerator.lnk.disabled]
backup=c:\windows\pss\LimeWire Turbo Accelerator.lnk.disabledStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AIM"=c:\program files\AIM\aim.exe -cnetwait.odl
"Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"kav"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
"PrevxOne"="c:\program files\Prevx1\PXConsole.exe"
""=
"Alcmtr"=ALCMTR.EXE
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"MSKDetectorExe"=c:\program files\McAfee\SpamKiller\MSKDetct.exe /uninstall
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1154369075\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1154369075\\EE\\aim6.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [9/17/2008 12:35 PM 28544]
R1 hwinterface32B01;hwinterface32B01;c:\windows\system32\drivers\hwinterface32B01.sys [11/8/2008 3:50 AM 4930]
R1 PrevxTdi;PREVX Tdi filter;c:\windows\system32\drivers\pxtdi.sys [10/25/2006 9:08 PM 18432]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/2/2008 8:21 PM 24652]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 5:10 PM 32512]
S3 PrevxEmulator;PREVX Emulator Driver;c:\windows\system32\drivers\PxEmu.sys [10/25/2006 9:08 PM 100864]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
.
.


Re: Antivirus 2009 Problem -Please Help!

Post by concept on Tue Jul 28, 2009 7:24 pm

------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\docume~1\Owner.FMO\APPLIC~1\Mozilla\Firefox\Profiles\5td3fu02.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {FEB75E44-C985-43FA-A55B-E06EB54DD0B7} - c:\documents and settings\Owner.FMO\Local Settings\Application Data\{FEB75E44-C985-43FA-A55B-E06EB54DD0B7}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

creating catchme.sys error: The process cannot access the file because it is being used by another process.
driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-28 19:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(4072)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\windows\system32\browselc.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\ati2evxx.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\AOL\1154369075\EE\aolsoftware.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2009-07-28 19:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-28 23:15
ComboFix2.txt 2009-03-02 20:56
ComboFix3.txt 2008-09-09 20:13
ComboFix4.txt 2008-09-06 18:41

Pre-Run: 41,807,429,632 bytes free
Post-Run: 41,798,455,296 bytes free

343 --- E O F --- 2008-12-12 02:06


Re: Antivirus 2009 Problem -Please Help!

Post by Belahzur on Wed Jul 29, 2009 1:54 pm

Next,

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1

Re: Antivirus 2009 Problem -Please Help!

Post by concept on Wed Jul 29, 2009 5:07 pm

1st Email Extractor
3GP Video Converter 3
3ivx D4 4.5.1 (remove only)
AC-3 ACM Codec
Account Creator
ACE Mega CoDecS Pack
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Stock Photos 1.0
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe® Photoshop® Album Starter Edition 3.2
AIM 6
Antares Auto-Tune v4.39
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Audacity 1.3.5 (Unicode)
Avira AntiVir Personal - Free Antivirus
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
BlackBerry Desktop Software 4.6
BlackBerry Desktop Software 4.6
BlackBerry Device Software Updater
BlackBerry Device Software v4.5.0 for the BlackBerry 8300 smartphone
BlackBerry Device Software v4.5.0 for the BlackBerry 8300 smartphone
Boilsoft Video Joiner 5.24
Canon iP1700
Canon iP1700 User Registration
CCleaner (remove only)
Collab
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 3.3.2.100
Cypress USB Mass Storage Driver Installation
Defraggler (remove only)
Digital Media Reader
Digital Voice Editor 3
Diskeeper 2008 Pro Premier
DivX Converter
DivX Player
DivX Web Player
Dragon NaturallySpeaking 9 Recorder Edition
DVD Ripper Platinum 4
DVD Solution
DVDx
Easy Video Joiner 5.21
Easy-WebPrint
EVPmaker 2.5
FileASSASSIN
FL Studio 6
FL Studio 6.3 public beta
FL Studio 8
Flash DVD Ripper
FriendBlasterPro
FruityLoops Studio Producer Edition v5.02
Google Desktop
HijackThis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Internet Explorer 7 (KB947864)
IL Download Manager
ImTOO DVD Ripper Platinum 5
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 11
LimeWire PRO 5.1.2
Logitech QuickCam
Logitech QuickCam Driver Package
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MIKSOFT Mobile 3GP converter
Mozilla Firefox (3.0.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Napster Burn Engine
nCleaner second 2.3.4.0
neroxml
NoAdware v5.0
P2P Energy Toolbar
Pinnacle Instant DVD Recorder
Power Email Extractor Pro 3.4
Power2Go 4.0
PowerDVD
Prevx1
Pure Networks Port Magic
QuickTime
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RegCure 1.6.0.0
Registry Mechanic 8.0
Roxio Easy Media Creator 7
Safari
save2pc Light 3.21
ScummVM 0.11.1
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB958215)
Soft Data Fax Modem with SmartCP
Sonic Encoders
Sound Blaster Live! Web 2K/XP
SUPERAntiSpyware Free Edition
Uninstall 1.0.0.0
USB Storage Adapter FX (SM1)
VCRedistSetup
Viewpoint Media Player
Virtual DJ - Atomix Productions
Windows Internet Explorer 7
Windows Live installer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
WinPcap 3.1
WinRAR archiver
Xilisoft 3GP Video Converter


Re: Antivirus 2009 Problem -Please Help!

Post by Belahzur on Thu Jul 30, 2009 2:45 pm

Please download [You must be registered and logged in to see this link.] and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet.



Re: Antivirus 2009 Problem -Please Help!

Post by concept on Thu Jul 30, 2009 10:42 pm

GooredFix by jpshortstuff (12.07.09)
Log created at 22:44 on 30/07/2009 (Owner)
Firefox version 3.0.12 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
[You must be registered and logged in to see this link.] [01:38 09/03/2009]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:52 30/06/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [23:27 14/03/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [23:27 14/03/2009]

-=E.O.F=-


Re: Antivirus 2009 Problem -Please Help!

Post by Belahzur on Fri Jul 31, 2009 4:15 pm

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 2
    Java(TM) 6 Update 11
    LimeWire PRO 5.1.2
    NoAdware v5.0
    P2P Energy Toolbar
    RegCure 1.6.0.0
    Registry Mechanic 8.0
    Viewpoint Media Player

Now open a new notepad file.
Input this into the notepad file:

Folder::
c:\documents and settings\Owner.FMO\Local Settings\Application Data\{FEB75E44-C985-43FA-A55B-E06EB54DD0B7}

Firefox::
FF - ProfilePath - c:\docume~1\Owner.FMO\APPLIC~1\Mozilla\Firefox\Profiles\5td3fu02.default\
FF - HiddenExtension: XUL Cache: {FEB75E44-C985-43FA-A55B-E06EB54DD0B7} - c:\documents and settings\Owner.FMO\Local Settings\Application Data\{FEB75E44-C985-43FA-A55B-E06EB54DD0B7}

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

