PC Antispyware 2010


Post by DaltonRogers on 30th August 2009, 4:59 pm

My computer is infected with PC Antispyware 2010. There's a small red X in the bottom right-hand corner of the screen. Also, there are pop-ups that say "Your computer is infected! Windows has detected spyware infection!..." I've attempted to scan with both MalwareBytes and SpyHunter and both stopped mid-scan. When I try to open them now, it says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." Same thing happened with HijackThis!, which is why I didn't post a log. I would be very grateful for some help.

DaltonRogers
Novice
Posts: 40
Joined: 2009-06-13
OS: XP
Points: 27386
Likes: 0


Re: PC Antispyware 2010

Post by Belahzur on 30th August 2009, 5:35 pm

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245079
Likes: 1


Re: PC Antispyware 2010

Post by DaltonRogers on 30th August 2009, 6:07 pm

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 180224 bytes [23:29 11/01/2007] [08:56 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll --a--- 181248 bytes [04:12 22/08/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\dllcache\scecli.dll --a--c 180224 bytes [00:53 05/11/2005] [12:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\system32\scecli.dll --a--- 180224 bytes [00:53 05/11/2005] [12:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A

Searching for "netlogon.dll"
C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll -----c 407040 bytes [17:50 21/08/2009] [12:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [23:28 11/01/2007] [08:56 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp2qfe\netlogon.dll --a--- 408064 bytes [18:46 06/02/2009] [18:46 06/02/2009] 6C476D33D82F1054849790181E8F7772
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll --a--- 407040 bytes [04:11 22/08/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\dllcache\netlogon.dll --a--c 408064 bytes [00:53 05/11/2005] [18:46 06/02/2009] 6C476D33D82F1054849790181E8F7772
C:\WINDOWS\system32\netlogon.dll --a--- 408064 bytes [00:53 05/11/2005] [18:46 06/02/2009] 6C476D33D82F1054849790181E8F7772

Searching for "eventlog.dll"
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 55808 bytes [23:28 11/01/2007] [08:56 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll --a--- 56320 bytes [04:10 22/08/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\dllcache\eventlog.dll --a--c 55808 bytes [00:52 05/11/2005] [12:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\system32\eventlog.dll --a--- 63488 bytes [00:52 05/11/2005] [12:00 04/08/2004] (Unable to calculate MD5)

-=End Of File=-

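In the SystemLook output above, the `system32` copy of `eventlog.dll` is 63488 bytes with no MD5, while the `dllcache` and `ServicePackFiles` copies are 55808 bytes and share one hash. The following is an added example, not part of the original posts and not SystemLook's own code: it parses this log format and flags `system32` files that disagree with every other copy on disk. The function names and the comparison rule are assumptions of this example, and a mismatch is only a lead to investigate, since updates also change file versions.

```python
import ntpath
import re

# Constructed sample: lines copied from the SystemLook log in this thread.
SAMPLE = r"""
Searching for "scecli.dll"
C:\WINDOWS\system32\dllcache\scecli.dll --a--c 180224 bytes [00:53 05/11/2005] [12:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\system32\scecli.dll --a--- 180224 bytes [00:53 05/11/2005] [12:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A

Searching for "eventlog.dll"
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 55808 bytes [23:28 11/01/2007] [08:56 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\system32\dllcache\eventlog.dll --a--c 55808 bytes [00:52 05/11/2005] [12:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\system32\eventlog.dll --a--- 63488 bytes [00:52 05/11/2005] [12:00 04/08/2004] (Unable to calculate MD5)
"""

# One result line: path, six attribute flags, size, two timestamps, MD5 or error text.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))\s*$"
)
ACTIVE_DIR = r"c:\windows\system32"  # directory Windows actually loads these DLLs from


def parse_filefind(text):
    """Return one dict per file line; md5 is None when SystemLook could not hash it."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # headers, blank lines, "-=End Of File=-"
        md5 = m.group("md5")
        entries.append({
            "path": m.group("path"),
            "name": ntpath.basename(m.group("path")).lower(),
            "size": int(m.group("size")),
            "md5": None if md5.startswith("(") else md5.upper(),
        })
    return entries


def suspicious_active_copies(entries):
    """Flag system32 files that cannot be hashed or match no other copy on disk."""
    findings = []
    for e in entries:
        if ntpath.dirname(e["path"]).lower() != ACTIVE_DIR:
            continue
        others = [o for o in entries if o["name"] == e["name"] and o is not e]
        reasons = []
        if e["md5"] is None:
            reasons.append("MD5 could not be calculated")
        if others:
            if e["md5"] is not None and e["md5"] not in {o["md5"] for o in others}:
                reasons.append("hash matches no other copy on disk")
            if e["size"] not in {o["size"] for o in others}:
                reasons.append("size %d matches no other copy on disk" % e["size"])
        if reasons:
            findings.append((e["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in suspicious_active_copies(parse_filefind(SAMPLE)):
        print(path, "->", "; ".join(reasons))
```
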

Re: PC Antispyware 2010

Post by Belahzur on 30th August 2009, 8:01 pm

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.]

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.



Re: PC Antispyware 2010

Post by DaltonRogers on 30th August 2009, 9:16 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\eventlog.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Re: PC Antispyware 2010

Post by Belahzur on 30th August 2009, 9:38 pm

Hello.
Delete the version of Hijack This you have now, and re-download from here:
[You must be registered and logged in to see this link.]

Run it and do a system scan with logfile.
Copy and paste the log back here.



Re: PC Antispyware 2010

Post by DaltonRogers on 30th August 2009, 9:41 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:54 PM, on 8/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
C:\WINDOWS\braviax.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\DOCUME~1\GENENE~1\LOCALS~1\Temp\mdm.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdccoms.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\DOCUME~1\GENENE~1\LOCALS~1\Temp\setup.exe
C:\DOCUME~1\GENENE~1\LOCALS~1\Temp\debug.exe
C:\DOCUME~1\GENENE~1\LOCALS~1\Temp\install.exe
C:\DOCUME~1\GENENE~1\LOCALS~1\Temp\winamp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Genene Rogers\Desktop\winlogon(2).exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\sorry.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.206.201.8 system-guard2009.microsoft.com
O1 - Hosts: 91.206.201.8 system-guard2009.com
O1 - Hosts: 91.206.201.8 [You must be registered and logged in to see this link.]
O2 - BHO: C:\WINDOWS\system32\tajf83ikdmf.dll - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\tajf83ikdmf.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Icucemoj] rundll32.exe "C:\WINDOWS\arisewis.dll",e
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [GreedyTorrent] "C:\Program Files\GreedyTorrent\GTor.exe" -tray
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [] C:\Documents and Settings\Genene Rogers\.exe /i
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe
O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\GENENE~1\LOCALS~1\Temp\winamp.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PrivacyCenter - {5199201E-60B4-11DE-85CF-260556D89593} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: *.gomyhit.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - [You must be registered and logged in to see this link.]
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{5766E415-E19F-4AFB-8181-80FBC84D2FF6}: NameServer = 193.22.143.11
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O22 - SharedTaskScheduler: ghya673gidh87we9inkff - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\tajf83ikdmf.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchast.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13624 bytes


Re: PC Antispyware 2010

Post by Belahzur on 30th August 2009, 9:45 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\sorry.exe
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 91.206.201.8 system-guard2009.microsoft.com
    O1 - Hosts: 91.206.201.8 system-guard2009.com
    O1 - Hosts: 91.206.201.8 [You must be registered and logged in to see this link.]
    O2 - BHO: C:\WINDOWS\system32\tajf83ikdmf.dll - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\tajf83ikdmf.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Icucemoj] rundll32.exe "C:\WINDOWS\arisewis.dll",e
    O4 - HKLM\..\Run: [braviax] braviax.exe
    O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
    O4 - HKCU\..\Run: [] C:\Documents and Settings\Genene Rogers\.exe /i
    O4 - HKCU\..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe
    O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\GENENE~1\LOCALS~1\Temp\winamp.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O15 - Trusted Zone: *.antimalwareguard.com
    O15 - Trusted Zone: [You must be registered and logged in to see this link.]
    O15 - Trusted Zone: *.gomyhit.com
    O20 - AppInit_DLLs: cru629.dat
    O20 - Winlogon Notify: crypt - crypts.dll (file missing)
    O22 - SharedTaskScheduler: ghya673gidh87we9inkff - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\tajf83ikdmf.dll
    O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchast.exe (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


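Several of the HijackThis entries selected for fixing above follow recognisable patterns: a second program appended to UserInit, hosts-file redirects to a non-loopback address, autoruns from a Temp directory, a disabled Registry Editor, an AppInit_DLLs value, and entries whose file is missing. The following is an added example, not part of the original posts and not HijackThis's own logic: it applies those patterns to log lines. The rules and function names are assumptions of this example and cover only part of the helper's selection.

```python
import ipaddress
import ntpath
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\sorry.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.206.201.8 system-guard2009.microsoft.com
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\GENENE~1\LOCALS~1\Temp\winamp.exe
O4 - HKCU\..\Run: [] C:\Documents and Settings\Genene Rogers\.exe /i
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: cru629.dat
O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchast.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the entry body


def reasons_for(code, body):
    """Return the heuristic reasons (possibly none) for one log entry."""
    reasons = []
    low = body.lower()
    if code == "F2" and "userinit=" in low:
        # Anything besides userinit.exe in this value also runs at every logon.
        value = body.split("=", 1)[1]
        extra = [p.strip() for p in value.split(",")
                 if p.strip() and ntpath.basename(p.strip()).lower() != "userinit.exe"]
        if extra:
            reasons.append("UserInit also launches " + ", ".join(extra))
    elif code == "O1":
        fields = body.split()  # ["Hosts:", address, hostname]
        if len(fields) >= 3:
            try:
                if not ipaddress.ip_address(fields[1]).is_loopback:
                    reasons.append("hosts file maps %s to %s" % (fields[2], fields[1]))
            except ValueError:
                pass  # not an address; leave for manual review
    elif code == "O4":
        m = re.search(r"Run: \[(.*?)\] (.*)$", body)
        if m:
            if not m.group(1).strip():
                reasons.append("Run value has an empty name")
            if "\\temp\\" in m.group(2).lower():
                reasons.append("autorun target is in a Temp directory")
    elif code == "O7" and "disableregedit=1" in low.replace(" ", ""):
        reasons.append("Registry Editor is disabled by policy")
    elif code == "O20" and low.startswith("appinit_dlls:"):
        if body.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs loads a DLL into processes that use user32.dll")
    if low.endswith("(file missing)"):
        reasons.append("entry points at a missing file")
    return reasons


def triage(log_text):
    """Return (code, body, reasons) for every entry that matched a heuristic."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        reasons = reasons_for(m.group(1), m.group(2))
        if reasons:
            flagged.append((m.group(1), m.group(2), reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(code, "|", "; ".join(reasons), "|", body)
```
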

Re: PC Antispyware 2010

Post by DaltonRogers on 30th August 2009, 10:32 pm

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

8/29/2009 5:51:23 PM
mbam-log-2009-08-29 (17-51-23).txt

Scan type: Quick Scan
Objects scanned: 125017
Time elapsed: 14 minute(s), 47 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 88
Registry Values Infected: 9
Registry Data Items Infected: 16
Folders Infected: 11
Files Infected: 113

Memory Processes Infected:
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\ctorcnT.dll (Trojan.Agent.V) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\kma (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\kma.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\amd64si (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ati64si (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\port135sik (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\securentm (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AntiVirusXP (Rogue.AntiVirusXP) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntiVirusXP (Rogue.AntiVirusXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\new_drv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Systemntmi (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\seneka (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AVR (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Rogue.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\icucemoj (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows System Recover! (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.


Re: PC Antispyware 2010

Post by DaltonRogers on 30th August 2009, 10:33 pm

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: ctorcnt.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Genene Rogers\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Genene Rogers\Application Data\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Genene Rogers\Application Data\FunWebProducts\Data\Genene Rogers (Adware.MyWay) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Start Menu\Programs\Windows AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.


Re: PC Antispyware 2010

Post by DaltonRogers on 30th August 2009, 10:34 pm

Files Infected:
C:\WINDOWS\ctorcnT.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tajf83ikdmf.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dddesot.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\fyblb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ppc.exe (Trojan.Agent.V) -> Quarantined and deleted successfully.
C:\Documents and Settings\Genene Rogers\Local Settings\Temp\cmeasnrwox.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Genene Rogers\Local Settings\Temp\ncoxswmear.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Genene Rogers\Local Settings\Temp\stylrit0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Genene Rogers\Application Data\FunWebProducts\Data\Genene Rogers\avatar.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Genene Rogers\Application Data\FunWebProducts\Data\Genene Rogers\outfit.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Genene Rogers\Application Data\FunWebProducts\Data\Genene Rogers\register.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Genene Rogers\Application Data\FunWebProducts\Data\Genene Rogers\zbucks.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcm80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcp80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcr80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\Windows Antivirus Pro.exe (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\dbsinit.exe (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\wispex.html (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\pix.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\t1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\t2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\up1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\up2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w11.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w3.jpg (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Start Menu\Programs\Windows AntiVirus Pro\Windows Antivirus Pro.lnk (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\desot.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\arisewis.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\NetworkService\Desktop\Windows Antivirus Pro.lnk (Rogue.WindowsAntiVirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Genene Rogers\Local Settings\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Genene Rogers\Local Settings\Temp\debug.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\syssvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winhelper.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_ex-68.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\onhelp.htm (Rogue.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bincd32.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Genene Rogers\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Re: PC Antispyware 2010

Post by Belahzur on 31st August 2009, 1:30 am


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.



Re: PC Antispyware 2010

Post by DaltonRogers on 1st September 2009, 2:20 am

DDS (Ver_09-07-30.01) - NTFSx86
Run by Genene Rogers at 21:52:06.06 on Sun 08/30/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.139 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: a-squared Anti-Malware *On-access scanning enabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Genene Rogers\Desktop\dds.pif


Re: PC Antispyware 2010

Post by DaltonRogers on 1st September 2009, 2:20 am

============== Pseudo HJT Report ===============

uSearch Bar = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
uRun: [GreedyTorrent] "c:\program files\greedytorrent\GTor.exe" -tray
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Mp4 Player] "c:\program files\mp4 player\Mp4Player.exe" hmw
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [TFncKy] TFncKy.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [lxdcmon.exe] "c:\program files\lexmark 1300 series\lxdcmon.exe"
mRun: [lxdcamon] "c:\program files\lexmark 1300 series\lxdcamon.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [LXDCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXDCtime.dll,_RunDLLEntry@16
mRun: [a-squared] "c:\program files\a-squared anti-malware\a2guard.exe" /d=60
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter3.exe
dRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
uPolicies-explorer: NoActiveDesktop = 00000000
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - [You must be registered and logged in to see this link.]
TCP: {5766E415-E19F-4AFB-8181-80FBC84D2FF6} = 193.22.143.11
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: cru629.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\genene~1\applic~1\mozilla\firefox\profiles\ufmpftm8.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - HiddenExtension: XUL Cache: {72FC8A50-182B-42A2-8A03-72883EC51473} - c:\documents and settings\genene rogers\local settings\application data\{72FC8A50-182B-42A2-8A03-72883EC51473}
FF - HiddenExtension: XUL Cache: {E2106BF5-4737-456B-949B-7091D2F3AE42} - c:\documents and settings\networkservice\local settings\application data\{e2106bf5-4737-456b-949b-7091d2f3ae42}\
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{D32E07CF-93C8-4AA3-9DB8-95B5B83D6AE7}


Re: PC Antispyware 2010

Post by DaltonRogers on 1st September 2009, 2:21 am

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-21 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-7-23 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-24 96520]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-24 26824]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2007-1-5 33824]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared anti-malware\a2service.exe [2009-7-23 719392]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-24 231192]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2005-11-4 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2005-11-4 122368]
S0 ocnzxdla;ocnzxdla;c:\windows\system32\drivers\jirwbxvb.sys []
S2 AntipPro2009_100;AntipyProex;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]
S2 pvubhtvnbwz;pvubhtvnbwz;\??\c:\windows\system32\drivers\edwizu.sys --> c:\windows\system32\drivers\edwizu.sys [?]
S2 windev-4295-6200;windev-4295-6200;\??\c:\windows\system32\windev-4295-6200.sys --> c:\windows\system32\windev-4295-6200.sys [?]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-11-4 245760]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 sdauxservice;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-11 348752]
S3 sdcoreservice;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-6-11 1097096]

=============== Created Last 30 ================

2009-08-30 18:44 --d----- c:\program files\Audacity
2009-08-29 17:35 2,987 a------- c:\windows\elekeqoda.dll
2009-08-29 16:52 3,003 a------- c:\windows\iqinalep.dll
2009-08-28 17:33 --d----- c:\docume~1\alluse~1\applic~1\CA
2009-08-28 17:15 --d----- c:\program files\Enigma Software Group
2009-08-28 15:08 2,995 a------- c:\windows\ekidevipejidedu.dll
2009-08-27 21:50 120 a------- c:\windows\Scehamabimon.dat
2009-08-27 21:09 2,979 a------- c:\windows\ufepagidi.dll
2009-08-27 06:17 14,336 a------- C:\osps.exe
2009-08-27 06:17 12,288 a------- C:\pvewnn.exe
2009-08-21 21:33 --d----- c:\program files\JL2005C
2009-08-21 21:32 --d----- c:\program files\GirlTech
2009-08-14 13:38 1,089,601 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-08-13 23:47 --d----- c:\windows\system32\XPSViewer
2009-08-13 23:46 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-13 23:46 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-13 23:46 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-13 23:46 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-13 23:46 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-13 23:46 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-08-13 23:46 --d----- C:\06459c65232a5330b00ba77f81c380
2009-08-13 23:46 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-13 23:46 --d----- c:\windows\SxsCaPendDel
2009-08-13 20:11 --d----- c:\program files\MSXML 6.0
2009-08-13 20:10 --d----- C:\73e4dbf0bc45cd7959f282c8
2009-08-13 20:10 --d----- C:\4aa91dd8b8be472f0c4f5a
2009-08-11 14:08 --d----- c:\docume~1\alluse~1\applic~1\Fugazo
2009-08-11 14:07 --d----- c:\program files\Cooking Academy
2009-08-11 14:07 --d----- c:\program files\ReflexiveArcade

==================== Find3M ====================

2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-06-29 09:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 09:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 09:12 17,408 a------- c:\windows\system32\corpol.dll
2009-06-25 01:17 729,600 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:17 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:17 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 01:17 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:17 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 01:17 56,320 a------- c:\windows\system32\secur32.dll
2009-06-16 07:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-12 04:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 07:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-09 23:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-05 00:42 655,872 a------- c:\windows\system32\mstscax.dll
2009-06-03 12:27 1,290,752 a------- c:\windows\system32\quartz.dll
2007-03-02 18:37 0 ----h--- c:\program files\AppUpdate.log

============= FINISH: 21:53:42.76 ===============


Re: PC Antispyware 2010

Post by Belahzur on 1st September 2009, 5:05 pm

Hello.
Still need to go deeper.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.

Re: PC Antispyware 2010

Post by DaltonRogers on 2nd September 2009, 1:35 am

ComboFix 09-09-01.04 - Genene Rogers 08/31/2009 20:30.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.107 [GMT -7:00]
Running from: c:\documents and settings\Genene Rogers\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.



Re: PC Antispyware 2010

Post by DaltonRogers on 2nd September 2009, 1:35 am

c:\program files\Mozilla Firefox\extensions\{D32E07CF-93C8-4AA3-9DB8-95B5B83D6AE7}
c:\program files\Mozilla Firefox\extensions\{D32E07CF-93C8-4AA3-9DB8-95B5B83D6AE7}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{D32E07CF-93C8-4AA3-9DB8-95B5B83D6AE7}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{D32E07CF-93C8-4AA3-9DB8-95B5B83D6AE7}\install.rdf
c:\recycler\S-1-5-21-2369461160-35945199-3371764974-1003
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\ekidevipejidedu.dll
c:\windows\elekeqoda.dll
c:\windows\hkcrRT.reg


Re: PC Antispyware 2010

Post by DaltonRogers on 2nd September 2009, 1:36 am

c:\windows\iqinalep.dll
c:\windows\regedit.com
c:\windows\run.log
c:\windows\system32\bnlxgqim.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\SKYNETgrkgtnpu.sys
c:\windows\system32\HiOYbccf.ini
c:\windows\system32\HiOYbccf.ini2
c:\windows\system32\ipkrwgkl.ini
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\skinboxer43.dll
c:\windows\system32\SKYNETdrjbfykd.dll
c:\windows\system32\SKYNETgsmddxbx.dat
c:\windows\system32\SKYNEThylkrvap.dat
c:\windows\system32\SKYNETpidwftpu.dll
c:\windows\system32\taskmgr.com
c:\windows\system32\uniq.tll
c:\windows\system32\wpcap.dll
c:\windows\system32\ytrbofyl.ini
c:\windows\Temp\3304133684.exe
c:\windows\UA000071.DLL
c:\windows\ufepagidi.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETibhcxjbo
-------\Legacy_SKYNETibhcxjbo
-------\Legacy_ANTIPPRO2009_100
-------\Legacy_NPF
-------\Legacy_OREANS32
-------\Legacy_WINCOM32
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_AntipPro2009_100
-------\Service_NPF
-------\Service_oreans32
-------\Service_windev-4295-6200


((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
.

2009-09-01 03:54 . 2009-09-01 03:54 -------- d-sh--w- C:\found.000
2009-08-31 01:44 . 2009-08-31 01:44 -------- d-----w- c:\program files\Audacity
2009-08-29 00:33 . 2009-08-29 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2009-08-29 00:15 . 2009-08-29 00:15 -------- d-----w- c:\program files\Enigma Software Group
2009-08-28 17:38 . 2009-08-28 17:38 -------- d-----w- c:\documents and settings\Genene Rogers\Local Settings\Application Data\PCHealth
2009-08-28 04:50 . 2009-08-30 00:14 120 ----a-w- c:\windows\Scehamabimon.dat
2009-08-27 13:19 . 2009-08-27 13:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\{E2106BF5-4737-456B-949B-7091D2F3AE42}
2009-08-27 13:17 . 2009-08-27 13:17 14336 ----a-w- C:\osps.exe
2009-08-27 13:17 . 2009-08-27 13:17 12288 ----a-w- C:\pvewnn.exe
2009-08-27 13:10 . 2009-08-27 13:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2009-08-27 13:10 . 2009-08-27 13:10 -------- d-----w- c:\documents and settings\Genene Rogers\Local Settings\Application Data\{72FC8A50-182B-42A2-8A03-72883EC51473}
2009-08-22 04:33 . 2009-08-22 04:33 -------- d-----w- c:\program files\JL2005C
2009-08-22 04:32 . 2009-08-22 04:32 -------- d-----w- c:\program files\GirlTech
2009-08-14 06:47 . 2009-08-14 06:47 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-14 06:47 . 2009-08-14 06:47 -------- d-----w- c:\program files\MSBuild
2009-08-14 06:47 . 2009-08-14 06:47 -------- d-----w- c:\program files\Reference Assemblies
2009-08-14 06:46 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-14 06:46 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-14 06:46 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-14 06:46 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-14 06:46 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-14 06:46 . 2009-08-14 06:47 -------- d-----w- C:\06459c65232a5330b00ba77f81c380
2009-08-14 06:46 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-14 06:46 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-14 06:46 . 2009-08-27 13:24 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-14 03:11 . 2009-08-14 03:11 -------- d-----w- c:\program files\MSXML 6.0
2009-08-14 03:10 . 2009-08-14 03:10 -------- d-----w- C:\73e4dbf0bc45cd7959f282c8
2009-08-14 03:10 . 2009-08-14 03:10 -------- d-----w- C:\4aa91dd8b8be472f0c4f5a
2009-08-11 21:08 . 2009-08-11 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo
2009-08-11 21:07 . 2009-08-12 20:53 -------- d-----w- c:\program files\Cooking Academy
2009-08-11 21:07 . 2009-08-11 21:07 -------- d-----w- c:\program files\ReflexiveArcade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 03:11 . 2009-07-24 01:38 -------- d-----w- c:\program files\a-squared Anti-Malware
2009-09-01 02:37 . 2008-02-01 03:53 -------- d-----w- c:\documents and settings\Genene Rogers\Application Data\uTorrent
2009-08-30 00:29 . 2009-02-26 17:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-30 00:07 . 2007-07-24 19:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-29 01:01 . 2007-08-01 19:49 -------- d-----w- c:\documents and settings\Genene Rogers\Application Data\GetRightToGo
2009-08-29 00:17 . 2009-06-03 04:11 -------- d-----w- c:\program files\Google
2009-08-28 23:53 . 2009-06-12 02:00 -------- d-----w- c:\program files\Spyware Doctor
2009-08-28 20:11 . 2009-06-12 02:00 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-28 17:35 . 2008-02-02 06:11 -------- d-----w- c:\program files\Lx_cats
2009-08-27 13:24 . 2006-11-25 04:55 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ATI
2009-08-22 04:34 . 2006-11-25 04:56 55664 ----a-w- c:\documents and settings\Genene Rogers\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-19 00:51 . 2008-02-02 02:52 -------- d-----w- c:\documents and settings\Genene Rogers\Application Data\U3
2009-08-13 09:00 . 2009-02-24 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-09 02:55 . 2008-12-16 05:37 -------- d-----w- c:\documents and settings\Genene Rogers\Application Data\mIRC
2009-08-09 02:54 . 2008-12-16 05:37 -------- d-----w- c:\program files\mIRC
2009-08-05 09:11 . 2005-11-05 00:53 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 20:36 . 2009-02-26 17:52 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 20:36 . 2009-02-26 17:52 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 04:07 . 2009-07-24 04:07 -------- d-----w- c:\program files\uTorrent
2009-07-22 20:30 . 2009-07-22 20:30 -------- d-----w- c:\program files\phegdy
2009-07-17 18:55 . 2005-11-05 00:52 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2005-11-05 00:54 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2005-11-05 00:53 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2005-11-05 00:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2005-11-05 00:52 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:17 . 2005-11-05 00:53 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:17 . 2005-11-05 00:53 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:17 . 2005-11-05 00:53 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:17 . 2005-11-05 00:52 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:17 . 2005-11-05 00:52 729600 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:17 . 2005-11-05 00:52 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-22 11:35 . 2005-11-05 00:52 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2005-11-05 00:53 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2005-11-05 00:52 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 03:17 . 2009-06-13 03:17 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-12 11:50 . 2005-11-05 00:53 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2005-11-05 00:52 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2005-11-05 00:53 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2005-11-05 02:26 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2005-11-05 00:53 1290752 ----a-w- c:\windows\system32\quartz.dll
2007-03-03 01:37 . 2007-03-03 01:37 0 ---h--w- c:\program files\AppUpdate.log
2006-05-03 10:06 . 2008-02-27 00:42 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2008-02-27 00:42 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43 . 2008-02-27 00:42 27648 --sh--w- c:\windows\system32\Smab0.dll
2008-02-04 19:26 . 2008-02-27 00:42 151040 --sh--w- c:\windows\system32\VistaUltm.dll
.


Re: PC Antispyware 2010

Post by DaltonRogers on 2nd September 2009, 1:36 am

------- Sigcheck -------


[7] 2004-08-04 08:56 55808 82B24CB70E5944E6E34662205A2A5B78 c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 00:11 56320 6D4FEB43EE538FC5428CC7F0565AA656 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[7] 2004-08-04 12:00 55808 82B24CB70E5944E6E34662205A2A5B78 c:\windows\system32\dllcache\eventlog.dll

c:\windows\system32\drivers\beep.sys ... is missing !!
c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-25 352256]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 73728]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-05-19 188416]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-02-05 20480]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-25 1232152]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"LXDCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-22 102400]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-04-02 868352]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-11-10 15473664]
"NDSTray.exe"="NDSTray.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-08-09 5674352]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-11-4 155648]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\App4R.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\system32\\ati2evxx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15862:TCP"= 15862:TCP:BitComet 15862 TCP
"15862:UDP"= 15862:UDP:BitComet 15862 UDP
"11805:TCP"= 11805:TCP:@xpsp2res.dll,-22005
"62520:TCP"= 62520:TCP:@xpsp2res.dll,-22005
"56751:TCP"= 56751:TCP:@xpsp2res.dll,-22005
"19594:TCP"= 19594:TCP:BitComet 19594 TCP
"19594:UDP"= 19594:UDP:BitComet 19594 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/21/2009 2:15 PM 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/23/2009 1:09 PM 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/24/2009 6:11 PM 96520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/24/2009 6:11 PM 231192]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
S0 ocnzxdla;ocnzxdla;c:\windows\system32\drivers\jirwbxvb.sys []
S2 pvubhtvnbwz;pvubhtvnbwz;\??\c:\windows\system32\drivers\edwizu.sys --> c:\windows\system32\drivers\edwizu.sys [?]
S3 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/11/2009 7:00 PM 348752]
.
Contents of the 'Scheduled Tasks' folder

2009-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-GreedyTorrent - c:\program files\GreedyTorrent\GTor.exe
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKCU-Run-Mp4 Player - c:\program files\Mp4 Player\Mp4Player.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-lxdcmon.exe - c:\program files\Lexmark 1300 Series\lxdcmon.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
TCP: {5766E415-E19F-4AFB-8181-80FBC84D2FF6} = 193.22.143.11
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Genene Rogers\Application Data\Mozilla\Firefox\Profiles\ufmpftm8.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {72FC8A50-182B-42A2-8A03-72883EC51473} - c:\documents and settings\Genene Rogers\Local Settings\Application Data\{72FC8A50-182B-42A2-8A03-72883EC51473}
FF - HiddenExtension: XUL Cache: {E2106BF5-4737-456B-949B-7091D2F3AE42} - c:\documents and settings\NetworkService\Local Settings\Application Data\{E2106BF5-4737-456B-949B-7091D2F3AE42}\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-31 20:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\windows\system32\drivers\jirwbxvb.sys 25088 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3069237077-2687938023-873467294-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3430AC70-0D3E-7A8B-D608-5A8565B0D267}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"gamhmlkkpacdgh"=hex:63,61,6e,64,70,6b,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3908)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\acs.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxdccoms.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
c:\program files\Java\jre1.6.0_03\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-09-01 21:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-01 04:07

Pre-Run: 11,200,233,472 bytes free
Post-Run: 16,354,721,792 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

739 --- E O F --- 2009-08-25 13:34


Re: PC Antispyware 2010

Post by Belahzur on 2nd September 2009, 1:42 am

Hello.
A lot of malware left. Before we can remove that, we need to remove another infection or it will just re-spawn it all over again.

Please download GooredFix from one of the locations below and save it to your Desktop
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



Re: PC Antispyware 2010

Post by DaltonRogers on 2nd September 2009, 12:30 pm

Okay, for some reason now it's asking me for my password when I turn on the computer. I don't remember what my password is since I haven't had to enter it in for a long time. How can I find my password?

I'm posting this on another computer, by the way.


Re: PC Antispyware 2010

Post by Belahzur on 2nd September 2009, 1:31 pm

A BIOS password? Or a Windows user account password?



Re: PC Antispyware 2010

Post by DaltonRogers on 4th September 2009, 12:48 am

Well, it was a user account password, and I just couldn't figure it out so I used a system recovery disk. Everything seems to be working fine, except for the audio. In the Sounds and Audio Devices Properties, it only says "No Audio Device." How do I fix this problem?


Re: PC Antispyware 2010

Post by Belahzur on 4th September 2009, 3:31 pm

Did you re-install the audio drivers?



Re: PC Antispyware 2010

Post by DaltonRogers on 4th September 2009, 10:07 pm

I'm not sure.


Re: PC Antispyware 2010

Post by DaltonRogers on 5th September 2009, 10:22 pm

So what do I need to do?


Re: PC Antispyware 2010

Post by Belahzur on 6th September 2009, 6:28 pm

Hello.
I would advise opening a topic in the operating systems forum lower down the forum and explaining your sound problem there.

