antivirus 2010

View previous topic View next topic Go down

antivirus 2010

Post by murs on 7th September 2009, 12:45 pm

I tried running malwarebytes but it didn't totally delete the virus and after restarting I can't bring up malwarebytes again
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:05 AM, on 9/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Insight\Tools\aiclient.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
c:\WINDOWS\system32\nfsclnt.exe
C:\Program Files\Common Files\Kronos\DCMCommon\dbsrv6.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Marriott\Installation Gatekeeper\IGK.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
c:\SFU\Mapper\mapsvc.exe
C:\WINDOWS\TEMP\WBDFF4.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GNMB2GZB\winlogon[1].scr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.221 awareremover.microsoft.com
O1 - Hosts: 91.212.127.221 awareremover.com
O1 - Hosts: 91.212.127.221 [You must be registered and logged in to see this link.]
O2 - BHO: ICQSys (IE PlugIn) - {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - C:\WINDOWS\system32\dddesot.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ScrewDrivers Client Executable] "C:\Program Files\triCerat\Simplify Printing\ScrewDrivers Client v3\sdclient.exe" -i
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [AntiSpyware Service] C:\WINDOWS\TEMP\i7o81qv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows System Recover!] C:\WINDOWS\TEMP\mdm.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AntiSpyware Service] C:\WINDOWS\TEMP\i7o81qv.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader\reader_sl.exe
O4 - Global Startup: ADP Event Manager.lnk = C:\Program Files\ADP\TimeclockMgr\Dcm\EventMgr.exe
O4 - Global Startup: ADP Sentinel.lnk = C:\Program Files\ADP\TimeclockMgr\Dcm\Sentinel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: PackageCab - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O23 - Service: Asset Insight Client (AICLIENT) - Unknown owner - C:\Program Files\Insight\Tools\aiclient.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DCM - TimeclockMgr - Unknown owner - C:\Program Files\Common Files\Kronos\DCMCommon\dbsrv6.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Installation Gatekeeper - Marriott International - C:\Program Files\Marriott\Installation Gatekeeper\IGK.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7044 bytes

murs
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-05-12
OS OS : XP
Points Points : 27708
# Likes # Likes : 0

View user profile

Back to top Go down

Re: antivirus 2010

Post by Belahzur on 7th September 2009, 9:04 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: ::1 localhost
    O1 - Hosts: 91.212.127.221 awareremover.microsoft.com
    O1 - Hosts: 91.212.127.221 awareremover.com
    O1 - Hosts: 91.212.127.221 [You must be registered and logged in to see this link.]
    O2 - BHO: ICQSys (IE PlugIn) - {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - C:\WINDOWS\system32\dddesot.dll (file missing)
    O4 - HKUS\S-1-5-18\..\Run: [AntiSpyware Service] C:\WINDOWS\TEMP\i7o81qv.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Windows System Recover!] C:\WINDOWS\TEMP\mdm.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AntiSpyware Service] C:\WINDOWS\TEMP\i7o81qv.exe (User 'Default user')


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: antivirus 2010

Post by murs on 8th September 2009, 6:36 am

I deleted the files but I am still unable to open Malwarebytes, also I'm not able to install or uninstall new software because my computer is asking me pick a program to open with.

murs
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-05-12
OS OS : XP
Points Points : 27708
# Likes # Likes : 0

View user profile

Back to top Go down

Re: antivirus 2010

Post by Belahzur on 8th September 2009, 2:07 pm

Next, download [You must be registered and logged in to see this link.] file.

Download it to your Desktop.
Double click it to run it; select yes to the registry merge prompt.

Can you run MBAM now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: antivirus 2010

Post by murs on 9th September 2009, 6:21 am

That file worked fine, I was able to run MBAM without a problem as well my other programs that were unable to open before here is the log from my scan.

Malwarebytes' Anti-Malware 1.40
Database version: 2763
Windows 5.1.2600 Service Pack 3

9/8/2009 11:15:24 PM
mbam-log-2009-09-08 (23-15-24).txt

Scan type: Quick Scan
Objects scanned: 109368
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro_2010\data (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\AntivirusPro_2010\AVEngn.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro_2010\pthreadVC2.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro_2010\data\daily.cvd (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

murs
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-05-12
OS OS : XP
Points Points : 27708
# Likes # Likes : 0

View user profile

Back to top Go down

Re: antivirus 2010

Post by Belahzur on 9th September 2009, 7:34 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: antivirus 2010

Post by murs on 10th September 2009, 11:34 am

DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 4:26:14.18 on Thu 09/10/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.383 [GMT -7:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {4E214C56-2E1F-450F-A2B8-81256A6BDB98}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ADP\TimeclockMgr\Dcm\Sentinel.exe
svchost.exe
C:\Program Files\Insight\Tools\aiclient.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
c:\WINDOWS\system32\nfsclnt.exe
C:\Program Files\Common Files\Kronos\DCMCommon\dbsrv6.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Marriott\Installation Gatekeeper\IGK.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\SFU\Mapper\mapsvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\ADP\TimeclockMgr\Dcm\DCMStateMngr.exe
C:\Program Files\ADP\TimeclockMgr\Dcm\httpsvr.exe
C:\Program Files\ADP\TimeclockMgr\Dcm\appclnt.exe
C:\WINDOWS\TEMP\PG2571.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SecureCRT\SecureCRT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5FW8VPZN\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ScrewDrivers Client Executable] "c:\program files\tricerat\simplify printing\screwdrivers client v3\sdclient.exe" -i
mRun: [DiskeeperSystray] "c:\program files\executive software\diskeeper\DkIcon.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl05b\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRunOnce: [TSC] "c:\program files\trend micro\officescan client\tsc.exe" /HD
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adpeve~1.lnk - c:\program files\adp\timeclockmgr\dcm\EventMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adpsen~1.lnk - c:\program files\adp\timeclockmgr\dcm\Sentinel.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: MySodexho.com
Trusted Zone: MySodexho.com\www
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: PackageCab - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Notify: igfxcui - igfxdev.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2002-2-11 33496]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2000-9-11 10816]
R2 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2002-2-15 114749]
R2 Client for NFS;Client for NFS;c:\windows\system32\nfsclnt.exe [2005-12-16 53408]
R2 DCM - TimeclockMgr;DCM - TimeclockMgr;c:\program files\common files\kronos\dcmcommon\dbsrv6.exe [2007-8-7 38912]
R2 Installation Gatekeeper;Installation Gatekeeper;c:\program files\marriott\installation gatekeeper\IGK.exe [2003-7-21 7168]
R2 Mapsvc;User Name Mapping;c:\sfu\mapper\mapsvc.exe [2005-12-16 111728]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXPFlt.sys [2008-5-27 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2008-5-27 36368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-20 24652]
R3 NfsRdr;NfsRdr;c:\windows\system32\drivers\nfsrdr.sys [2005-12-16 305664]
R3 Portmap;Portmap;c:\windows\system32\drivers\portmap.sys [2005-12-16 35072]
R3 RpcXdr;RpcXdr;c:\windows\system32\drivers\rpcxdr.sys [2005-12-16 55872]
RUnknown gtnaxpj;gtnaxpj; [x]
S3 S3Inc;S3Inc;c:\windows\system32\drivers\s3mt3d.sys [2006-5-31 41216]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2008-6-4 652552]

=============== Created Last 30 ================

2009-09-08 23:21 --d----- c:\docume~1\admini~1\applic~1\AVG8
2009-09-08 10:19 --d----- C:\EZTEMP
2009-09-08 10:13 --d----- C:\ADPATM22
2009-09-08 09:48 103,720 a------- c:\documents and settings\administrator\GoToAssistDownloadHelper.exe
2009-09-07 05:18 0 a------- c:\windows\system32\41.exe
2009-09-05 00:24 --d----- c:\program files\lismkc
2009-09-02 23:30 --ds---- C:\Combo-Fix
2009-09-02 23:30 389,120 a------- c:\windows\system32\CF7656.exe
2009-08-29 00:14 --d----- c:\program files\AOD
2009-08-29 00:14 --d----- c:\program files\AIM
2009-08-27 04:44 389,120 a------- c:\windows\system32\CF27404.exe
2009-08-25 23:26 229,376 a------- c:\windows\PEV.exe
2009-08-25 23:26 161,792 a------- c:\windows\SWREG.exe
2009-08-25 23:26 98,816 a------- c:\windows\sed.exe
2009-08-25 23:26 389,120 a------- c:\windows\system32\CF7960.exe
2009-08-22 18:12 0 a------- C:\LOG98.tmp
2009-08-22 00:39 --d----- c:\program files\AOL Toolbar
2009-08-20 23:39 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 23:39 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-20 23:39 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-20 18:45 2,695 a---h--- C:\IPH.PH
2009-08-19 10:15 0 a------- C:\LOG2AE.tmp
2009-08-15 14:09 0 a------- C:\LOG380.tmp
2009-08-12 03:32 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 03:32 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll

==================== Find3M ====================

2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-28 21:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 21:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-16 04:47 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-12 05:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe

============= FINISH: 4:27:36.20 ===============

murs
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-05-12
OS OS : XP
Points Points : 27708
# Likes # Likes : 0

View user profile

Back to top Go down

Re: antivirus 2010

Post by Dr Jay on 16th September 2009, 9:00 pm

Hi

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum