Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Fri Sep 04, 2009 3:48 pm

So, a while ago I ended up with the nasty bug Windows Antivirus Pro, got rid of it, and then got Police Pro (?), and I thought I got rid of it also.
Now when I do a Google search, it either says I'm not connected to the internet or it redirects me to a totally different site.
I also have this box popping up saying Windows Host Services has stopped working; this is the gist of it:
Problem signature:
Problem Event Name: APPCRASH
Application Name: svchost.exe
Application Version: 6.0.6000.16386
Application Timestamp: 4a481bab
Fault Module Name: svchost.exe
Fault Module Version: 6.0.6000.16386
Fault Module Timestamp: 4a481bab
Exception Code: c0000005
Exception Offset: 000019f8
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033
Additional Information 1: 8c7b
Additional Information 2: a2b27670b4f4d59fb0605ee22364f434
Additional Information 3: 16f1
Additional Information 4: d6c18d2618f1fcb49a85bd3d0f1081fb

Read our privacy statement:
[You must be registered and logged in to see this link.]

The next post is the HijackThis log. I also already have Malwarebytes, Spybot, and McAfee.

jness80537
Novice
Posts : 48
Joined : 2009-08-27
Gender : Female
OS : Vista


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Fri Sep 04, 2009 3:49 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:25 PM, on 8/29/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Big Fish Games Toolbar - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Big Fish Games Toolbar - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - [You must be registered and logged in to see this link.]
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - [You must be registered and logged in to see this link.]
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6B9A6E3B-0307-47A7-82B1-F2D215973CAF} (QuickBooks Online Edition Import Utilities Class v6) - [You must be registered and logged in to see this link.]
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - [You must be registered and logged in to see this link.]
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - [You must be registered and logged in to see this link.]
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14310 bytes

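The log posted above is the kind of thing a helper reads by eye for a few recurring patterns. As an added example, not part of this thread and not HijackThis's own code, the Python below encodes those patterns as rules and runs them over lines copied from the log (the O15 line uses a stand-in host, since the forum redacted the real URL). It flags O2/O3/O9 entries ending in "(no file)" (orphaned COM registrations, harmless but worth cleaning), O4 Run values under the service-account hives S-1-5-18/19/20 and .DEFAULT that are not Windows' own (here GPlayer.exe), O15 Trusted Zone additions, a populated O20 AppInit_DLLs value (loaded into every process that loads user32), and O23 services with "Unknown owner" or "(file missing)". The severity labels are the example's own, not HJT's.

```python
"""Triage a HijackThis (HJT) log by section.

Added example for this thread; it is not HJT's own code and was not posted
by the thread's participants. It encodes rules a helper applies by eye when
reading an HJT log: orphaned COM registrations, third-party Run values under
service-account hives, Trusted Zone additions, AppInit_DLLs, and services
with no publisher or a missing binary.
"""
import re

# Constructed sample: lines copied from the log posted above, plus one O15 line
# with a stand-in host (the forum redacted the real URL) so that rule runs.
SAMPLE_LOG = """\
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O4 - HKLM\\..\\Run: [mcagent_exe] "C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe" /runkey
O4 - HKUS\\S-1-5-19\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\\S-1-5-18\\..\\Run: [Exetender] "C:\\Program Files\\Free Ride Games\\GPlayer.exe /runonstartup" (User 'SYSTEM')
O15 - Trusted Zone: *.example.com
O20 - AppInit_DLLs: C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL
O23 - Service: ASKUpgrade - Unknown owner - C:\\Program Files\\AskBarDis\\bar\\bin\\ASKUpgrade.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\\Program Files\\Lavasoft\\Ad-Aware\\AAWService.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\\PROGRA~1\\McAfee\\VIRUSS~1\\mcshield.exe
"""

# Every HJT entry starts with its section code, e.g. "O2 - ..." or "R1 - ...".
ENTRY_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")
# Well-known service-account SIDs; a user rarely populates Run keys under these hives.
SERVICE_SIDS = ("S-1-5-18", "S-1-5-19", "S-1-5-20")
# Run-key payloads Windows itself places under those hives (Sidebar, Welcome Center).
WINDOWS_RUN_PREFIXES = ("%ProgramFiles%\\Windows Sidebar", "rundll32.exe oobefldr.dll")


def triage_line(line):
    """Return (severity, reason) for one HJT entry, or None if nothing is flagged."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section in ("O2", "O3", "O9") and body.endswith("(no file)"):
        return ("low", "orphaned COM registration; remove to tidy")
    if section == "O4" and "HKUS\\" in body:
        sid = body.split("HKUS\\", 1)[1].split("\\", 1)[0]
        if sid in SERVICE_SIDS or sid == ".DEFAULT":
            parts = body.split("] ", 1)          # "[ValueName] payload (User '...')"
            payload = parts[1] if len(parts) == 2 else ""
            if not payload.startswith(WINDOWS_RUN_PREFIXES):
                return ("high", f"third-party Run value under service-account hive {sid}")
    if section == "O15":
        return ("medium", "site added to the IE Trusted Zone; relaxes ActiveX/script restrictions")
    if section == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
        return ("medium", "AppInit_DLLs loads this DLL into every process that loads user32")
    if section == "O23":
        if body.endswith("(file missing)"):
            return ("low", "service points at a missing binary")
        if " - Unknown owner - " in body:
            return ("medium", "service binary carries no publisher information")
    return None


def triage_log(text):
    """Triage every entry; returns a list of (severity, section, reason, line)."""
    findings = []
    for line in text.splitlines():
        hit = triage_line(line)
        if hit:
            severity, reason = hit
            findings.append((severity, line.split(" - ", 1)[0], reason, line))
    return findings


if __name__ == "__main__":
    for sev, section, reason, line in triage_log(SAMPLE_LOG):
        print(f"[{sev:6}] {section}: {reason}\n         {line}")
```

On the sample it produces seven findings; the only "high" is the Exetender entry that the log shows under the SYSTEM, LOCAL SERVICE and Default User hives, which a real HJT review would ask about before anything else on the list. The rules are heuristics for where to look, not verdicts.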

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Fri Sep 04, 2009 3:53 pm

I don't get it. The last time I checked, today is September 4 and it is 9:51 am, so why is the log saying something different?
When I try to get back into HijackThis, it says it is already running. Now what?
Thanks


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by Belahzur on Fri Sep 04, 2009 9:32 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Fri Sep 04, 2009 10:48 pm

Malwarebytes' Anti-Malware 1.40
Database version: 2710
Windows 6.0.6000

9/4/2009 4:47:12 PM
mbam-log-2009-09-04 (16-47-12).txt

Scan type: Quick Scan
Objects scanned: 96783
Time elapsed: 10 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by Belahzur on Sat Sep 05, 2009 9:01 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt just yet.





Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Sat Sep 05, 2009 9:22 pm

Ok, so this is the box that is popping up:
As per the instructions you would have received, kindly ensure any onboard script blocking tools have been disabled for they shall interfere with DDS

How do I disable this script blocking tool? I have looked in the internet options and could not find it anywhere.


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Sat Sep 05, 2009 9:30 pm

OK, so I tried to download DDS and it looks like it put Police Pro on my PC, and it says it is a major virus, thanks.
Any other ideas?


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Sun Sep 06, 2009 2:20 am

Now I have this thing on the computer called Protection System Software by coreguard2009. I also keep getting porn sites on my desktop and virus popups, and I can't open any of my security programs, including Windows Defender, the firewall, Spybot, or Malwarebytes. Please, I need help with this. All of this started when I tried installing the links above.


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by Metalmusk on Sun Sep 06, 2009 2:27 am

You are increasing the malware count on your PC.

Police Pro is a recent rogue application, and Protection System is another rogue scareware.

Surely it's not from the above links.

Metalmusk
Novice
Posts : 43
Joined : 2009-06-21
OS : XP


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Sun Sep 06, 2009 2:33 am

Yes, the Protection System started after trying to install the links above. The only problem I had was a box popping up saying that 'the host process for Windows services has stopped working'. After trying to install the links above, I ended up with this system protection and the porn sites on the desktop, and I can't open anything that has to do with security.
Would you know what individual files are associated with the system protection bug? Maybe I can delete them manually.


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Sun Sep 06, 2009 3:06 am

I found a list of the files associated with the system protection and I cannot delete wscvc32.exe or find ntoskrnl-hook. Any ideas?
I think that until I can get rid of the exe file, I'm going to continue having these problems of porn sites, not being able to open my security or scan software.


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Sun Sep 06, 2009 3:30 am

I was wondering if I should uninstall malwarebytes and then reinstall it, because I cannot run it as of right now.


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Sun Sep 06, 2009 5:12 am

I uninstalled malwarebytes and reinstalled it, and it crashes when I try to run it. Help please


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by Belahzur on Sun Sep 06, 2009 6:11 pm

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    cngaudit.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt





Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Sun Sep 06, 2009 9:45 pm

I'll give it a shot. I have to right-click on everything and run it as administrator.
I was looking through the PC last night because I couldn't delete the wscvc.exe file, and I was wondering, when in the Properties dialog box, whether the fact that there isn't an owner of the program listed and no permissions are granted is why I can't delete it.


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by Origin on Sun Sep 06, 2009 10:32 pm

I would let it be until we see if it's infected or not.


While my help is always free, please consider donating to keep this site alive.

Origin
Master
Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Sun Sep 06, 2009 10:35 pm

Here is the SystemLook log file; that took a long time:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 15:42 on 06/09/2009 by Specter (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\Windows\SoftwareDistribution\Download\848c23cf13d83b3e0a6f1da97f3af588\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll --a--- 177152 bytes [07:53 11/04/2009] [07:36 19/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
C:\Windows\System32\scecli.dll --a--- 176640 bytes [08:43 02/11/2006] [09:46 02/11/2006] 80E2839D05CA5970A86D7BE2A08BFF61
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll --a--- 176640 bytes [08:43 02/11/2006] [09:46 02/11/2006] 80E2839D05CA5970A86D7BE2A08BFF61

Searching for "netlogon.dll"
C:\Windows\SoftwareDistribution\Download\848c23cf13d83b3e0a6f1da97f3af588\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll --a--- 592384 bytes [07:55 11/04/2009] [07:35 19/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F
C:\Windows\System32\netlogon.dll --a--- 559616 bytes [08:45 02/11/2006] [09:46 02/11/2006] 889A2C9F2AACCD8F64EF50AC0B3D553B
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll --a--- 559616 bytes [08:45 02/11/2006] [09:46 02/11/2006] 889A2C9F2AACCD8F64EF50AC0B3D553B

Searching for "eventlog.dll"
No files found.

Searching for "cngaudit.dll"
C:\Windows\System32\cngaudit.dll --a--- 11776 bytes [08:43 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll --a--- 11776 bytes [08:43 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D

-=End Of File=-

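Belahzur's SystemLook request names four Windows DLLs, and the log lists every copy on disk with its size and MD5. The usual check on such output is to compare the live copy in System32 with the untouched copy of the same build kept in the WinSxS component store, ignoring the newer build staged under SoftwareDistribution\Download. Here is that comparison as an added example in Python; it is not SystemLook's code and was not posted in the thread. Its sample log is the one above with netlogon.dll's System32 hash replaced by a fake value so the mismatch path is exercised (in the real log every System32/winsxs pair matched), and it rests on the assumption that the winsxs copy is the untouched reference.

```python
"""Check System32 DLLs against their WinSxS component-store copies using the
output of SystemLook's :filefind command.

Added example for this thread; it is not SystemLook's own code and was not
posted by the participants. Assumption it rests on: the copy of a Windows DLL
kept under C:\\Windows\\winsxs for the same build is untouched, so a System32
copy of the same size with a different MD5 has been modified in place.
"""
import re

# Constructed sample built from the log posted above. The System32 hash for
# netlogon.dll has been replaced with a fake value so the mismatch path runs;
# in the real log all three System32/winsxs pairs matched.
SAMPLE_LOG = """\
========== filefind ==========

Searching for "scecli.dll"
C:\\Windows\\SoftwareDistribution\\Download\\848c23cf13d83b3e0a6f1da97f3af588\\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\\scecli.dll --a--- 177152 bytes [07:53 11/04/2009] [07:36 19/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
C:\\Windows\\System32\\scecli.dll --a--- 176640 bytes [08:43 02/11/2006] [09:46 02/11/2006] 80E2839D05CA5970A86D7BE2A08BFF61
C:\\Windows\\winsxs\\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\\scecli.dll --a--- 176640 bytes [08:43 02/11/2006] [09:46 02/11/2006] 80E2839D05CA5970A86D7BE2A08BFF61

Searching for "netlogon.dll"
C:\\Windows\\System32\\netlogon.dll --a--- 559616 bytes [08:45 02/11/2006] [09:46 02/11/2006] 0123456789ABCDEF0123456789ABCDEF
C:\\Windows\\winsxs\\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\\netlogon.dll --a--- 559616 bytes [08:45 02/11/2006] [09:46 02/11/2006] 889A2C9F2AACCD8F64EF50AC0B3D553B

Searching for "eventlog.dll"
No files found.

-=End Of File=-
"""

# One hit line: <path> <attrs> <size> bytes [mtime] [ctime] <MD5>
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>\S{6}) (?P<size>\d+) bytes "
    r"\[(?P<mtime>[^\]]+)\] \[(?P<ctime>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"')


def parse_filefind(text):
    """Map each searched filename (lowercased) to a list of (path, size, md5) hits."""
    results, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name").lower()
            results[current] = []          # "No files found." leaves this empty
            continue
        if current is None:
            continue
        m = ENTRY_RE.match(line)
        if m:
            results[current].append((m.group("path"), int(m.group("size")), m.group("md5").upper()))
    return results


def compare_with_component_store(hits):
    """Classify one DLL: the live System32 copy against the winsxs copies.

    Copies elsewhere (e.g. SoftwareDistribution\\Download, a staged newer build)
    are neither the live file nor the reference, so they are ignored.
    """
    live = [h for h in hits if "\\windows\\system32\\" in h[0].lower()]
    store = [h for h in hits if "\\winsxs\\" in h[0].lower()]
    if not hits:
        return "absent"                   # SystemLook reported "No files found."
    if not live:
        return "no-system32-copy"
    if not store:
        return "no-winsxs-copy"           # nothing trustworthy to compare against
    _, live_size, live_md5 = live[0]
    if any(md5 == live_md5 for _, _, md5 in store):
        return "match"
    if any(size == live_size for _, size, _ in store):
        return "mismatch-same-size"       # in-place patch: size kept, bytes changed
    return "mismatch"


def audit(text):
    """Status for every DLL named in a :filefind log."""
    return {name: compare_with_component_store(hits) for name, hits in parse_filefind(text).items()}


if __name__ == "__main__":
    for name, status in audit(SAMPLE_LOG).items():
        print(f"{name:14} {status}")
```

"absent" for eventlog.dll is reported neutrally: whether that file should exist depends on the Windows build, which the script does not know, so the helper reading the log makes that call. A "mismatch-same-size" result is the one worth chasing; a "mismatch" with a different size is more often a different build than an infection and needs the version in the winsxs path checked before drawing a conclusion.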

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by Origin on Sun Sep 06, 2009 10:38 pm

Please use the Internet Explorer browser, and do an online scan with [You must be registered and logged in to see this link.]

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    **Note**

    To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.




Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Sun Sep 06, 2009 10:49 pm

It says it will only run on a PC that has a 32-bit version of Windows. Now what do I do? I could have sworn my PC's Windows version is 32-bit.


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Sun Sep 06, 2009 10:50 pm

And I can't shut off my antivirus software, as this virus won't let me get to it.


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by Origin on Sun Sep 06, 2009 10:54 pm

You are running a 32-bit operating system; hmm, that's weird. See if you can do this instead:

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Uncheck (untick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Origin
Master
Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Sun Sep 06, 2009 11:45 pm

So, I'm doing the scan right now, and it has been on 5% for 11 minutes now. Is it supposed to take this long, or is it stuck? The total scan time is still counting, so I was just wondering.

jness80537
Novice
Posts : 48
Joined : 2009-08-27
Gender : Female
OS : Vista

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Mon Sep 07, 2009 12:35 am

A box popped up saying it had quit working at 23 minutes, and no log.txt file was saved to my PC. Help please.

jness80537
Novice
Posts : 48
Joined : 2009-08-27
Gender : Female
OS : Vista

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by Belahzur on Mon Sep 07, 2009 8:45 pm

Hello.
Are you able to run a scan with McAfee?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Mon Sep 07, 2009 9:40 pm

Yes, the last time I ran the scan it only found 2, and that was yesterday. I don't think McAfee can find it, but I will try again.

jness80537
Novice
Posts : 48
Joined : 2009-08-27
Gender : Female
OS : Vista

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Mon Sep 07, 2009 9:45 pm

I think if I could figure out how to run Malwarebytes, it would help. Is there a backdoor way to get it to run?
I have tried uninstalling it, installing it, renaming it, saving it on a flash drive and then sending it to the desktop to install. This morning I put the installer in the Startup folder, hoping it would start and run upon startup. No such luck.
As of today, in order to open anything, I have to right-click and Run as administrator. I still can't get into my Security Center; it says a DLL file is missing. Malwarebytes crashes before it even starts.

The only good thing is I'm not getting any more fake security alerts and the porn sites have not popped up yet, but it is still early.
I'm going to try and run HiJackThis and if it works I will post the log here.

jness80537
Novice
Posts : 48
Joined : 2009-08-27
Gender : Female
OS : Vista

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Mon Sep 07, 2009 9:52 pm

These are the ones I have questions about:
O2 BHO (no name)
O2 BHO Browser Address Error Redirector
O13 Gopher Prefix
O23 PrismXL

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:31 PM, on 9/7/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

[You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

[You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

[You must be registered and logged in to see this link.]

704834&2d68374132e7e862d4931143b094c5cf
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

[You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

[You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

[You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

[You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

[You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows

Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program

Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program

Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -

{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program

Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program

Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program

Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -

C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Big Fish Games Toolbar - {C7C9FC25-88B0-4682-9C9F-2608E9117647} -

C:\Program Files\BfgBar\bfg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-

76C02E2E7C4E} - C:\Program Files\Google\Google

Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-

A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9}

- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} -

C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program

Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Big Fish Games Toolbar - {C7C9FC25-88B0-4682-9C9F-2608E9117647} -

C:\Program Files\BfgBar\bfg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6

\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NielsenOnline] C:\Program

Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe"

/runkey
O4 - HKLM\..\Run: [B40750EF1C79949C] \\?\globalroot\systemroot\system32

\B40750EF1C79949C.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"

/background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel

FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [swg] "C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon

Toy\DesktopIconToy.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe

/detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe

oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files\Free Ride

Games\GPlayer.exe /runonstartup" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe

/detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride

Games\GPlayer.exe /runonstartup" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride

Games\GPlayer.exe /runonstartup" (User 'Default user')
O4 - Startup: mbam-setup.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program

Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program

Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - [You must be registered and logged in to see this link.]

Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -

[You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]

\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program

Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -

C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3

-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) -

[You must be registered and logged in to see this link.]
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) -

[You must be registered and logged in to see this link.]

20Angeles/Images/stg_drm.ocx
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} -

[You must be registered and logged in to see this link.]

r.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) -

[You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -

C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) -

[You must be registered and logged in to see this link.]
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) -

[You must be registered and logged in to see this link.]
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

[You must be registered and logged in to see this link.]

in/QuickTimeInstaller.exe
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) -

[You must be registered and logged in to see this link.]
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) -

[You must be registered and logged in to see this link.]
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) -

[You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

[You must be registered and logged in to see this link.]

cab?1251411638447
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6B9A6E3B-0307-47A7-82B1-F2D215973CAF} (QuickBooks Online Edition

Import Utilities Class v6) -

[You must be registered and logged in to see this link.]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) -

[You must be registered and logged in to see this link.]
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition

Utilities Class v10) - [You must be registered and logged in to see this link.]
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) -

[You must be registered and logged in to see this link.]
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) -

[You must be registered and logged in to see this link.]
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant

2) - [You must be registered and logged in to see this link.]
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} (Clue Control) -

[You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -

[You must be registered and logged in to see this link.]
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} (MysteryPI Control) -

[You must be registered and logged in to see this link.]
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) -

[You must be registered and logged in to see this link.]
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -

[You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

[You must be registered and logged in to see this link.]
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator)

- [You must be registered and logged in to see this link.]
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) -

[You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program

Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program

Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program

Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google

Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin

Games\iWinTrusted.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program

Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1

\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1

\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1

\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1

\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1

\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1

\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. -

C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program

Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking

Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division

Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner -

C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32

\DRIVERS\xaudio.exe

--
End of file - 14648 bytes

jness80537
Novice
Posts : 48
Joined : 2009-08-27
Gender : Female
OS : Vista

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by Belahzur on Mon Sep 07, 2009 11:13 pm

Hello.
I can barely read that. Please turn Word Wrap off.

See this image:


Post a new log with Word Wrap off.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Mon Sep 07, 2009 11:23 pm

These are the ones I have questions about:
O2 BHO (no name)
O2 BHO Browser Address Error Redirector
O13 Gopher Prefix
O23 PrismXL

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:31 PM, on 9/7/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Big Fish Games Toolbar - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Big Fish Games Toolbar - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [B40750EF1C79949C] \\?\globalroot\systemroot\system32\B40750EF1C79949C.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'Default user')
O4 - Startup: mbam-setup.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - [You must be registered and logged in to see this link.]
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - [You must be registered and logged in to see this link.]
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - [You must be registered and logged in to see this link.]
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6B9A6E3B-0307-47A7-82B1-F2D215973CAF} (QuickBooks Online Edition Import Utilities Class v6) - [You must be registered and logged in to see this link.]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - [You must be registered and logged in to see this link.]
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - [You must be registered and logged in to see this link.]
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} (Clue Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} (MysteryPI Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - [You must be registered and logged in to see this link.]
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14648 bytes

jness80537
Novice

Posts : 48
Joined : 2009-08-27
Gender : Female
OS : Vista

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by Belahzur on Mon Sep 07, 2009 11:30 pm

Hello.

O2 BHO (no name)
O2 BHO Browser address error redirector

Both of them are empty items within the registry; you can fix them.

O13 Gopher prefix

It is part of Vista; you can't remove it anyhow, it just re-appears.

O23 PrismXL

This one is more interesting. If you look at the line in HJT, you can see the company name. Their website is here:
[You must be registered and logged in to see this link.]


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - (no file)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)


  • Press "Fix Checked"
  • Close HijackThis.

Next,

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program
  • Highlight Ask Toolbar
  • Click on the Uninstall/Change button at the top.

Did you run MBAM? If so, please post the log.

If not, please try running it now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Mon Sep 07, 2009 11:39 pm

Ok, did what you said, and I can't run MBAM, it crashes and says this:

Problem signature:
Problem Event Name: APPCRASH
Application Name: mbam.exe
Application Version: 1.40.0.0
Application Timestamp: 4a74a456
Fault Module Name: mbam.exe
Fault Module Version: 1.40.0.0
Fault Module Timestamp: 4a74a456
Exception Code: 80000003
Exception Offset: 00002fd0
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033
Additional Information 1: 62f3
Additional Information 2: c9d4c40a680b669dba468f72ec73b8fc
Additional Information 3: cd57
Additional Information 4: edd70c8330e9977f731b260694264aae

I have tried different ways to try and get it to run, and it does not work. I've also tried to run Kaspersky and ESET scanners and they don't work either.


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by Belahzur on Tue Sep 08, 2009 1:20 am

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it, since some malware blocks GMER.



Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Tue Sep 08, 2009 2:49 am

Ok, let's see if this works. I can't post the log, but maybe this will post.


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Tue Sep 08, 2009 2:51 am

GMER 1.0.15.15077 [r202sxgy.exe] - [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-07 20:29:05
Windows 6.0.6000


---- System - GMER 1.0.15 ----

Code 84D41838 ZwEnumerateKey
Code 84D5BF98 ZwFlushInstructionCache
Code 84A70D25 IofCallDriver
Code 84D5D3D6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 82427F37 5 Bytes JMP 84A70D2A
.text ntkrnlpa.exe!IofCompleteRequest 82427FA4 5 Bytes JMP 84D5D3DB
PAGE ntkrnlpa.exe!ZwEnumerateKey 82537F06 5 Bytes JMP 84D4183C
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 825E849F 5 Bytes JMP 84D5BF9C
? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload 86882ACF 5 Bytes JMP 84A70550
? System32\Drivers\an7gmgeg.SYS The system cannot find the path specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8072B604] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8072AABA] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8072B72E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8072AB82] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8072AC00] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8073DA9A] \SystemRoot\System32\Drivers\sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 83F661D8
Device \FileSystem\fastfat \FatCdrom 84E411D8
Device \Driver\volmgr \Device\VolMgrControl 83B441D8
Device \Driver\00000457 \Device\00000050 sptd.sys
Device \Driver\usbuhci \Device\USBPDO-0 84A721D8
Device \Driver\usbuhci \Device\USBPDO-1 84A721D8
Device \Driver\usbuhci \Device\USBPDO-2 84A721D8
Device \Driver\usbuhci \Device\USBPDO-3 84A721D8
Device \Driver\usbehci \Device\USBPDO-4 84A75980
Device \Driver\volmgr \Device\HarddiskVolume1 83B441D8
Device \Driver\volmgr \Device\HarddiskVolume2 83B441D8
Device \Driver\volmgr \Device\HarddiskVolume3 83B441D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 83F651D8
Device \Driver\atapi \Device\Ide\IdePort0 83F651D8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 83F651D8
Device \Driver\atapi \Device\Ide\IdePort1 83F651D8
Device \Driver\atapi \Device\Ide\IdePort2 83F651D8
Device \Driver\atapi \Device\Ide\IdePort3 83F651D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-1 83F651D8
Device \Driver\USBSTOR \Device\00000066 84D611D8
Device \Driver\volmgr \Device\HarddiskVolume4 83B441D8
Device \Driver\USBSTOR \Device\00000067 84D611D8
Device \Driver\USBSTOR \Device\00000069 84D611D8
Device \Driver\USBSTOR \Device\0000006a 84D611D8
Device \Driver\USBSTOR \Device\0000006b 84D611D8
Device \Driver\usbuhci \Device\USBFDO-0 84A721D8
Device \Driver\USBSTOR \Device\0000006c 84D611D8
Device \Driver\USBSTOR \Device\0000006d 84D611D8
Device \Driver\usbuhci \Device\USBFDO-1 84A721D8
Device \Driver\usbuhci \Device\USBFDO-2 84A721D8
Device \Driver\usbuhci \Device\USBFDO-3 84A721D8
Device \Driver\usbehci \Device\USBFDO-4 84A75980
Device \Driver\VClone \Device\Scsi\VClone1 83F641D8
Device \Driver\VClone \Device\Scsi\VClone1Port0Path0Target0Lun0 83F641D8
Device \Driver\an7gmgeg \Device\Scsi\an7gmgeg1 84BB4880
Device \FileSystem\fastfat \Fat 84E411D8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACvqjkckrcao.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [736] 0x10000000
Library \\?\globalroot\systemroot\system32\UACvqjkckrcao.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [828] 0x10000000
Library \\?\globalroot\systemroot\system32\UACvqjkckrcao.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [856] 0x10000000
Library \\?\globalroot\systemroot\system32\UACvqjkckrcao.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [908] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\kbiwkmycwrtlmj.sys (*** hidden *** ) [SYSTEM] kbiwkmcxvdnpgy <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\kbiwkmpdljgpcy.sys (*** hidden *** ) [SYSTEM] kbiwkmvpsbcrra <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\UACpxbaewqipu.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Tue Sep 08, 2009 2:55 am

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy@imagepath \systemroot\system32\drivers\kbiwkmycwrtlmj.sys
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmycwrtlmj.sys
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmfrofusnf.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra@imagepath \systemroot\system32\drivers\kbiwkmpdljgpcy.sys
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\main@aid 10081
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmpdljgpcy.sys
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmswcpxxdk.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmwysdngkk.dat
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmcvvcdrid.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra\modules@kbiwkm.dat \systemroot\system32\kbiwkmjamyrajd.dat
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAD 0xD8 0x9A 0x41 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x13 0x8E 0xAF 0x7F ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB5 0xDE 0xAF 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy@imagepath \systemroot\system32\drivers\kbiwkmycwrtlmj.sys


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Tue Sep 08, 2009 2:58 am

Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmycwrtlmj.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmfrofusnf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra@imagepath \systemroot\system32\drivers\kbiwkmpdljgpcy.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\main@aid 10081
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmpdljgpcy.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmswcpxxdk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmwysdngkk.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmcvvcdrid.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\modules@kbiwkm.dat \systemroot\system32\kbiwkmjamyrajd.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -40325308
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1539431237
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAD 0xD8 0x9A 0x41 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x13 0x8E 0xAF 0x7F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB5 0xDE 0xAF 0xE8 ...


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Tue Sep 08, 2009 2:59 am

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACpxbaewqipu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACpxbaewqipu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwmpfsmvbnv.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACvqjkckrcao.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACvagjoxextr.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacav \\?\globalroot\systemroot\system32\UACppypijkvdw.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACsbcplgasti.dll
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy@type 1
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy@group file system
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy@imagepath \systemroot\system32\drivers\kbiwkmycwrtlmj.sys
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmycwrtlmj.sys
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmfrofusnf.dll
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra@type 1
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra@group file system
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra@imagepath \systemroot\system32\drivers\kbiwkmpdljgpcy.sys
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\main@aid 10081
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\main@sid 0
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmpdljgpcy.sys
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmswcpxxdk.dll
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmwysdngkk.dat
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmcvvcdrid.dll
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra\modules@kbiwkm.dat \systemroot\system32\kbiwkmjamyrajd.dat


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Tue Sep 08, 2009 2:59 am

Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAD 0xD8 0x9A 0x41 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x13 0x8E 0xAF 0x7F ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB5 0xDE 0xAF 0xE8 ...
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACpxbaewqipu.sys
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACpxbaewqipu.sys
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwmpfsmvbnv.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACvqjkckrcao.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACvagjoxextr.dat
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacav \\?\globalroot\systemroot\system32\UACppypijkvdw.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACsbcplgasti.dll

---- Files - GMER 1.0.15 ----

File C:\perflogs\System\Diagnostics\20090426-0002\UAC Settings.xml 1571 bytes
File C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\UACmd.exe 39776 bytes executable
File C:\Users\Specter\AppData\Local\Temp\uac1a26.tmp 49152 bytes executable
File C:\Users\Specter\AppData\Local\Temp\uac2250.tmp 31232 bytes executable
File C:\Users\Specter\AppData\Local\Temp\uac275f.tmp 44032 bytes executable
File C:\Users\Specter\AppData\Local\Temp\uac364d.tmp 53248 bytes executable
File C:\Users\Specter\AppData\Local\Temp\uac3eb6.tmp 2535424 bytes executable
File C:\Users\Specter\AppData\Local\Temp\uac5947.tmp 2005140 bytes
File C:\Users\Specter\AppData\Local\Temp\uac9e23.tmp 3478520 bytes
File C:\Users\Specter\AppData\Local\Temp\nscE67F.tmp\uac.dll 16896 bytes executable
File C:\Users\Specter\AppData\Local\Temp\nsk358F.tmp\uac.dll 16896 bytes executable
File C:\Users\Specter\AppData\Local\Temp\nsu3669.tmp\uac.dll 16896 bytes executable

---- EOF - GMER 1.0.15 ----


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Tue Sep 08, 2009 3:01 am

Geez, that's a long log file. I was having problems posting it because it was so big. I had to do it in parts.
Is this everything that is wrong with my pc, all the malware, or is it a log of everything that got scanned?


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by Belahzur on Tue Sep 08, 2009 1:58 pm

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.]

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C)


Drivers to disable:
kbiwkmcxvdnpgy
kbiwkmvpsbcrra
UACd.sys

Drivers to delete:
kbiwkmcxvdnpgy
kbiwkmvpsbcrra
UACd.sys

Files to delete:
C:\WINDOWS\system32\drivers\kbiwkmycwrtlmj.sys
C:\WINDOWS\system32\drivers\kbiwkmpdljgpcy.sys
C:\WINDOWS\system32\drivers\UACpxbaewqipu.sys

Registry keys to delete:
HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy
HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra
HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy
HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra
HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy
HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra
HKLM\SYSTEM\ControlSet009\Services\UACd.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


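How the Avenger script above maps back to the GMER output jness80537 posted earlier, as an added Python example that is not part of the thread and not code from either poster or from the GMER or Avenger authors: it takes the hidden-service lines from the Services section, keeps only the HKLM\SYSTEM\...\Services\<name> keys that belong to those services, and emits the same three sections the script uses. The embedded excerpt is constructed from lines quoted in the thread; the sptd lines, which the log ties to the Alcohol 120 install, are included to show that filtering on GMER's hidden-service verdict, not on a name pattern, is what keeps a legitimate driver out of a deletion list.

```python
import re

# Constructed excerpt of the GMER 1.0.15 output quoted in this thread: two of the
# hidden svchost libraries, the three hidden services, and a sample of the
# Services registry lines. The sptd lines (Alcohol 120) are kept to show they
# are skipped.
GMER_EXCERPT = r"""
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACvqjkckrcao.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [736] 0x10000000
Library \\?\globalroot\systemroot\system32\UACvqjkckrcao.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [828] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\kbiwkmycwrtlmj.sys (*** hidden *** ) [SYSTEM] kbiwkmcxvdnpgy <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\kbiwkmpdljgpcy.sys (*** hidden *** ) [SYSTEM] kbiwkmvpsbcrra <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\UACpxbaewqipu.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy@imagepath \systemroot\system32\drivers\kbiwkmycwrtlmj.sys
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra@imagepath \systemroot\system32\drivers\kbiwkmpdljgpcy.sys
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy@imagepath \systemroot\system32\drivers\kbiwkmycwrtlmj.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACpxbaewqipu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACpxbaewqipu.sys
"""

HIDDEN = r"\(\*\*\* hidden \*\*\* \)"
LIBRARY_RE = re.compile(
    r"^Library\s+(?P<dll>\S+)\s+" + HIDDEN + r"\s+@\s+(?P<host>\S+)\s+\[(?P<pid>\d+)\]"
)
SERVICE_RE = re.compile(
    r"^Service\s+(?P<image>\S+)\s+" + HIDDEN + r"\s+\[\w+\]\s+(?P<name>\S+)\s+<-- ROOTKIT !!!"
)
# The service's own key under any control set: HKLM\SYSTEM\<set>\Services\<name>.
# <name> stops at the next backslash, '@' (a value) or whitespace.
SERVICE_KEY_RE = re.compile(
    r"^Reg\s+(?P<key>HKLM\\SYSTEM\\(?:ControlSet\d+|CurrentControlSet)\\Services\\(?P<svc>[^\\@\s]+))"
)


def parse_gmer(text):
    """Return (hidden_libraries, hidden_services, service_keys).

    hidden_libraries: list of (dll, host, pid) for hidden modules in processes.
    hidden_services:  dict service name -> driver image path.
    service_keys:     distinct service keys, in log order, whose service name is
                      one of the hidden services, so sptd and other legitimate
                      drivers never reach a deletion list."""
    lines = text.splitlines()
    libraries = [(m["dll"], m["host"], int(m["pid"]))
                 for m in map(LIBRARY_RE.match, lines) if m]
    services = {m["name"]: m["image"]
                for m in map(SERVICE_RE.match, lines) if m}
    keys = []
    for m in map(SERVICE_KEY_RE.match, lines):
        if m and m["svc"] in services and m["key"] not in keys:
            keys.append(m["key"])
    return libraries, services, keys


def build_avenger_script(services, keys):
    """Render the three-part Avenger script in the layout used in the thread."""
    names = list(services)
    sections = [
        ("Drivers to disable:", names),
        ("Drivers to delete:", names),
        ("Files to delete:", list(services.values())),
        ("Registry keys to delete:", keys),
    ]
    out = []
    for title, items in sections:
        out.append(title)
        out.extend(items)
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    libs, svcs, keys = parse_gmer(GMER_EXCERPT)
    for dll, host, pid in libs:
        print(f"hidden module {dll} in {host} pid {pid}")
    print(build_avenger_script(svcs, keys))
```

Read the generated list against the Avenger log further down the thread before trusting it: there the CurrentControlSet deletions come back "not found" (and one is skipped as potentially dangerous) after the ControlSet001 deletions succeed, and the UACd.sys driver could not be disabled and its file could not be deleted although its service entry was. A generated script is a starting point; the tool's own result log is what confirms what actually changed.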

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Tue Sep 08, 2009 9:17 pm

I am going to have to save it to my flash drive, send it to my desktop and open it from there. That is the only way I am able to download anything, and most of the time I have to do it twice.
So I am hoping that this problem I am having with having to right click and run as admin to open things will cease. I'm also figuring out that when I open an email to read it, and then try to close the box, it won't close. I am so praying that this will fix my problems. I am an online college student in my bachelor's degree program right now, and it is annoying when I can't even open a Word window.


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Tue Sep 08, 2009 9:57 pm

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6000)
Tue Sep 08 15:22:43 2009

15:21:43: Warning: Skipping potentially dangerous line:
"HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvpsbcrra" (Registry key deletion mode)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "adxiu3m1" found!
Could not open driver adxiu3m1 for rootkit scan. Error:c0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Rootkit scan completed.

Driver "kbiwkmcxvdnpgy" disabled successfully.
Driver "kbiwkmvpsbcrra" disabled successfully.
Disablement of driver "UACd.sys" failed!
Status: 0xc0000001 (STATUS_UNSUCCESSFUL)

Driver "kbiwkmcxvdnpgy" deleted successfully.
Driver "kbiwkmvpsbcrra" deleted successfully.
Driver "UACd.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\kbiwkmycwrtlmj.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\kbiwkmpdljgpcy.sys" deleted successfully.

Error: could not delete file "C:\WINDOWS\system32\drivers\UACpxbaewqipu.sys"
Deletion of file "C:\WINDOWS\system32\drivers\UACpxbaewqipu.sys" failed!
Status: 0xc0000156

Registry key "HKLM\SYSTEM\ControlSet001\Services\kbiwkmcxvdnpgy" deleted successfully.
Registry key "HKLM\SYSTEM\ControlSet001\Services\kbiwkmvpsbcrra" deleted successfully.

Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmcxvdnpgy" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKLM\SYSTEM\ControlSet009\Services\kbiwkmcxvdnpgy" deleted successfully.
Registry key "HKLM\SYSTEM\ControlSet009\Services\kbiwkmvpsbcrra" deleted successfully.
Registry key "HKLM\SYSTEM\ControlSet009\Services\UACd.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Tue Sep 08, 2009 10:00 pm

Here is the malware log:

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 6.0.6000

9/8/2009 3:59:29 PM
mbam-log-2009-09-08 (15-58-50).txt

Scan type: Quick Scan
Objects scanned: 93409
Time elapsed: 15 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\CoreGuard (Rogue.CoreGuard2009) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\Windows\system32\desote.exe "%1" %*) Good: ("%1" %*) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\system32\UACvqjkckrcao.dll (Rogue.Agent) -> No action taken.
C:\Windows\Temp\UAC7944.tmp (Rogue.Agent) -> No action taken.
C:\Users\Specter\AppData\Local\Temp\uac3eb6.tmp (Rogue.ProtectionSystem) -> No action taken.
C:\Windows\System32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\certstore.dat (Trojan.Agent) -> No action taken.
C:\Windows\System32\UACppypijkvdw.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\UACvagjoxextr.dat (Trojan.Agent) -> No action taken.
C:\Windows\System32\UACwmpfsmvbnv.dll (Trojan.Agent) -> No action taken.


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Tue Sep 08, 2009 10:55 pm

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 6.0.6000

9/8/2009 4:01:12 PM
mbam-log-2009-09-08 (16-01-12).txt

Scan type: Quick Scan
Objects scanned: 93409
Time elapsed: 15 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\CoreGuard (Rogue.CoreGuard2009) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\Windows\system32\desote.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\system32\UACvqjkckrcao.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\UAC7944.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Users\Specter\AppData\Local\Temp\uac3eb6.tmp (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Windows\System32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\UACppypijkvdw.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\UACvagjoxextr.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\UACwmpfsmvbnv.dll (Trojan.Agent) -> Quarantined and deleted successfully.

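The two Malwarebytes logs above share one format; the first reports every item as "No action taken", the second shows the same items quarantined, and the Registry Data Items entry records a hijacked exefile open command (every .exe launch was routed through desote.exe first). The Python below is an added example, not part of this thread or of Malwarebytes: it parses that log format, flags the exefile hijack by comparing the Bad value against the stock `"%1" %*`, and lists findings still awaiting action. The sample log is constructed from lines in this thread.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section item detection detail action")

# Constructed excerpt in the Malwarebytes' Anti-Malware 1.40 log format used in this thread.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\Windows\system32\desote.exe "%1" %*) Good: ("%1" %*) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "<item> (<detection>) -> <detail>"; the detection is the first space-preceded "(...)", so "\(default)" in a key path is not taken for it.
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")
OPENCMD_RE = re.compile(r"Bad: \((?P<bad>.*)\) Good: \((?P<good>.*?)\)")
EXPECTED_EXE_OPEN = '"%1" %*'   # stock value of HKCR\exefile\shell\open\command

def parse_mbam_log(text):
    """Turn the 'X Infected:' detail sections into Finding tuples."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):   # blank, or "(No malicious items detected)"
            continue
        if line.endswith(":"):                   # section header
            section = line[:-1]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            action = m.group("rest").rsplit(" -> ", 1)[-1].rstrip(".")
            findings.append(Finding(section, m.group("item"), m.group("name"), m.group("rest"), action))
    return findings

def exe_open_command_hijacks(findings):
    """(bad, good) pairs where a foreign binary was inserted in front of every .exe launch."""
    pairs = []
    for f in findings:
        m = OPENCMD_RE.search(f.detail) if f.detection == "Broken.OpenCommand" else None
        if m and m.group("good") == EXPECTED_EXE_OPEN and m.group("bad") != EXPECTED_EXE_OPEN:
            pairs.append((m.group("bad"), m.group("good")))
    return pairs

def unresolved(findings):
    """Findings only reported, not quarantined (the state of the first log in this thread)."""
    return [f for f in findings if f.action == "No action taken"]
```

Running `parse_mbam_log` over a real mbam-log file and then `unresolved` is a quick way to confirm that a follow-up scan actually removed what the first scan only listed.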

Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Tue Sep 08, 2009 10:57 pm

Cool, the PC is running somewhat normally. I still can't open and turn on my Security Center. I don't have to right-click on anything to get it to run; just a normal click works. I'll check the rest of what I was having problems with and see what happens.
Thank you, we are on the right track.


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by Belahzur on Wed Sep 09, 2009 12:10 am

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.



Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Wed Sep 09, 2009 1:10 am

I don't know what happened, but Combofix is on my desktop and I was not given the option to rename it; also it says that I have Spybot and adware running. Yes, I have Spybot and no clue how to shut it off short of uninstalling it, and I uninstalled Ad-Aware when I first started having problems with my PC.


Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by Belahzur on Wed Sep 09, 2009 7:27 pm

Hello.
See if you can run it without renaming it.



Re: Lingering bugs from Windows Antivirus Pro and Police Pro

Post by jness80537 on Thu Sep 10, 2009 7:38 am

My McAfee is saying that Combofix is an Artemis Trojan and won't let me download it. I have managed to get my Malwarebytes and McAfee to run; I still can't turn on my Windows Defender though.

