Do I have Personal Antivirus?

Do I have Personal Antivirus?

Post by larjoranj on 10th August 2009, 12:47 pm

3 days ago the personalonlinescanner from Personal Antivirus showed up while my wife was online. I tried to exit but could not so I turned the computer off. When we restarted there was no sign of it. I downloaded Malwarebytes and ran a full scan and everything came up clean. There has been no sign of it the last 3 days and when I search for files with Personal Antivirus nothing comes up. Can I be sure I'm clean? Is there anything else I need to do to be sure?

larjoranj
Novice

Posts : 6
Joined : 2009-08-10
OS : xp
Points : 26780
# Likes : 0

Hello, Anybody?

Post by larjoranj on 12th August 2009, 10:32 pm

Having had no indication in 5 days of Personal Antivirus on my computer, can I assume it has not infected my computer? For those who have had it, does it pop up and bother you all the time? Would the Malwarebytes scan I ran have picked it up, or could it have missed it?


Re: Do I have Personal Antivirus?

Post by Belahzur on 13th August 2009, 12:06 am


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1

Requested log for Personal Antivirus check

Post by larjoranj on 13th August 2009, 11:10 am

DDS (Ver_09-07-30.01) - NTFSx86
Run by Phillip at 5:54:47.07 on Thu 08/13/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.223.108 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Phillip\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [ccRegVfy] c:\program files\common files\symantec shared\ccRegVfy.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [ISW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN
mRun: [S3TRAY2] S3tray2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\patttbc.att
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\phillip\applic~1\mozilla\firefox\profiles\nl13ekbi.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2002-8-9 308936]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2009-7-11 116336]
R2 SAVRTPEL;SAVRTPEL;c:\windows\system32\drivers\SAVRTPEL.SYS [2009-7-11 34992]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20020819.002\NAVENG.SYS [2003-4-21 66816]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20020819.002\NAVEX15.SYS [2003-4-21 590944]
R3 SAVRT;SAVRT;c:\windows\system32\drivers\SAVRT.SYS [2009-7-11 235184]
S2 SBService;scriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2001-8-14 54408]
S3 ccPwdSvc;Symantec Password Validation Service;c:\program files\common files\symantec shared\ccPwdSvc.exe [2002-8-20 63176]

=============== Created Last 30 ================

2009-08-13 05:32 --d-h--- c:\windows\PIF
2009-08-11 15:45 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-11 15:42 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-11 15:42 655,872 -c------ c:\windows\system32\dllcache\mstscax.dll
2009-08-08 22:00 --d----- c:\docume~1\phillip\applic~1\Malwarebytes
2009-08-08 21:59 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-05 04:11 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
2009-07-21 01:52 499,712 a------- c:\windows\system32\msvcp71.dll
2009-07-21 01:52 348,160 a------- c:\windows\system32\msvcr71.dll
2009-07-15 07:24 48,640 a------- c:\windows\system32\hpzll4pi.dll
2009-07-15 07:23 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-07-15 07:23 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-07-15 07:23 282,680 a------- c:\windows\system32\HPZidr12.dll
2009-07-15 07:23 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-07-15 07:23 69,632 a------- c:\windows\system32\HPZipm12.exe
2009-07-15 07:23 65,536 a------- c:\windows\system32\HPZinw12.exe
2009-07-15 07:22 31,616 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-07-15 07:22 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2009-07-15 07:22 --d----- c:\program files\HP
2009-07-15 07:21 123,131 a------- c:\windows\HPHins12.dat
2009-07-15 07:21 14,916 -------- c:\windows\hphmdl12.dat
2009-07-15 07:20 77,824 a------- c:\windows\system32\hpzids01.dll
2009-07-15 07:12 56 a------- C:\ut9x.bat
2009-07-15 07:12 54 a------- C:\ut.bat

==================== Find3M ====================

2009-08-05 04:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 13:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 02:18 233,472 -------- c:\windows\system32\wmpdxm.dll
2009-07-11 05:42 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-29 11:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 11:12 78,336 -------- c:\windows\system32\ieencode.dll
2009-06-29 11:12 17,408 -------- c:\windows\system32\corpol.dll
2009-06-16 09:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-12 06:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 09:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 01:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-05 02:42 655,872 a------- c:\windows\system32\mstscax.dll
2009-06-03 14:27 1,290,752 a------- c:\windows\system32\quartz.dll
2003-04-21 09:53 32 a--sh--- c:\windows\{ACBD192C-B55B-4A66-8219-E55C4C8F00FD}.dat
2003-04-21 09:53 32 a--sh--- c:\windows\system32\{0947AF87-710F-482F-97EE-97B6BA59E74D}.dat

============= FINISH: 5:55:26.50 ===============

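A defender-side sketch of reading the "Created Last 30" section of a DDS log like the one posted above, added here as an example; it is not part of the thread and not code from DDS. The field layout is inferred from the posted lines, and the drive-root script filter and the `SCRIPT_EXTS` list are illustrative assumptions, not the helper's stated criteria.

```python
import ntpath  # Windows path rules, regardless of the OS running this
import re
from datetime import datetime

# Constructed sample: a few lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
=============== Created Last 30 ================

2009-08-13 05:32 --d-h--- c:\windows\PIF
2009-08-11 15:45 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-07-15 07:12 56 a------- C:\ut9x.bat
2009-07-15 07:12 54 a------- C:\ut.bat

==================== Find3M ====================

2009-06-12 06:50 76,288 a------- c:\windows\system32\telnet.exe
"""

HEADER = re.compile(r"^=+ (.+?) =+$")
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) (?:([\d,]+) )?([a-z-]{8}) (.+)$")
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js"}  # assumed review list, not from DDS

def parse_sections(log_text):
    """Split a DDS log into {section name: [non-blank lines]}."""
    sections, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections

def parse_entries(lines):
    """Parse 'date time [size] attrs path' lines; lines that do not fit are skipped."""
    entries = []
    for match in filter(None, map(ENTRY.match, lines)):
        when, size, attrs, path = match.groups()
        entries.append({"created": datetime.strptime(when, "%Y-%m-%d %H:%M"),
                        "size": int(size.replace(",", "")) if size else None,
                        "is_dir": attrs[2] == "d", "path": path})
    return entries

def root_scripts(entries):
    """Assumed triage filter: script files sitting directly in a drive root."""
    def at_root(path):
        return ntpath.dirname(path) == ntpath.splitdrive(path)[0] + "\\"
    return [e for e in entries if not e["is_dir"] and at_root(e["path"])
            and ntpath.splitext(e["path"])[1].lower() in SCRIPT_EXTS]

created = parse_entries(parse_sections(SAMPLE_LOG)["Created Last 30"])
print([e["path"] for e in root_scripts(created)])
```

On the sample, the filter returns the two batch files at the root of C:, the same two paths later submitted to OTMoveIt in this thread.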

Re: Do I have Personal Antivirus?

Post by Doctor Inferno on 13th August 2009, 11:13 am

Hello larjoranj,

Please use the Post Reply button instead of the New Topic button. Thank you.



Doctor Inferno
Administrator

Posts : 12015
Joined : 2007-12-26
Gender : Male
OS : Windows 7 Home Premium and Ultimate X64
Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points : 104620
# Likes : 0

Ooops.

Post by larjoranj on 13th August 2009, 12:21 pm

My Bad


Re: Do I have Personal Antivirus?

Post by Belahzur on 13th August 2009, 4:14 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\ut9x.bat
    C:\ut.bat


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



OTMoveit log

Post by larjoranj on 14th August 2009, 9:55 am

========== FILES ==========
C:\ut9x.bat moved successfully.
C:\ut.bat moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 08142009_045135


Re: Do I have Personal Antivirus?

Post by Belahzur on 14th August 2009, 6:16 pm

Hello.
The log looks good, I don't think personal AV is present here.

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?



Re: Do I have Personal Antivirus?

Post by larjoranj on 14th August 2009, 8:45 pm

It's running fine. Thanks.
