antivirus pro 2010


antivirus pro 2010

Post by taigan on 24th September 2009, 2:38 am

So I got the antivirus pro message last night. I found your website and used malwarebytes to try and get rid of AVP. I kept getting a message that not all the files could be removed but that they were logged and would be deleted when I rebooted. They were clearly not deleted. After I ran the simple scan 3 or 4 times it finally said that everything was gone. But once I rebooted AVP was still on my computer. Then I ran the more advanced scan 2 and both times I got the same message as before about not all files being removed but they would be deleted when I rebooted. Again, as soon as the computer came on, before I even went online, I had messages from AVP. Here's my logfile and hopefully you can help me fix my computer.

Thanks,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:32 PM, on 9/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrator\Application Data\seres.exe
C:\Documents and Settings\Administrator\Application Data\svcst.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B3A89JGP\winlogon[1].scr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Antivirus Pro 2010] "C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Administrator\Application Data\seres.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Administrator\Application Data\svcst.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

--
End of file - 8374 bytes


Re: antivirus pro 2010

Post by Dr Jay on 24th September 2009, 4:23 am

Hi

Please download ComboFix by sUBs
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

Please save the file to your Desktop, but rename it first:




Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". [You must be registered and logged in to see this link.] if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:




  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again, this time naming it iexplore.exe, explorer.exe, or winlogon.exe instead of ComboFix.exe.

Malware is known for blocking all "user" processes, except for those on its whitelist of important system processes, such as iexplore.exe, explorer.exe and winlogon.exe.


Dr. Jay (DJ)



Re: antivirus pro 2010

Post by taigan on 24th September 2009, 5:48 pm

After trying to run ComboFix, my internet disconnected (as expected) but then I couldn't reconnect to install the recovery console. ComboFix still ran the scan but I am still getting Antivirus Pro messages.

Here's the log:

ComboFix 09-09-23.02 - Administrator 09/24/2009 11:22.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.77 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\aceveceqy.ban
c:\documents and settings\Administrator\Application Data\amogohy.exe
c:\documents and settings\Administrator\Application Data\fikafetahu.pif
c:\documents and settings\Administrator\Application Data\hykidagol.bat
c:\documents and settings\Administrator\Application Data\ikemohel.bin
c:\documents and settings\Administrator\Application Data\ikuresaq.inf
c:\documents and settings\Administrator\Application Data\joribac.reg
c:\documents and settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Administrator\Application Data\otubu._dl
c:\documents and settings\Administrator\Application Data\vagi.com
c:\documents and settings\Administrator\Application Data\ykuhubez.lib
c:\documents and settings\Administrator\Cookies\abujunatem.vbs
c:\documents and settings\Administrator\Cookies\abuti.pif
c:\documents and settings\Administrator\Cookies\axenypew.pif
c:\documents and settings\Administrator\Cookies\fuwitady.bat
c:\documents and settings\Administrator\Cookies\fyvyguha.pif
c:\documents and settings\Administrator\Cookies\kimes.bat
c:\documents and settings\Administrator\Cookies\mepysy.db
c:\documents and settings\Administrator\Cookies\miby.pif
c:\documents and settings\Administrator\Cookies\moxaxehuri.lib
c:\documents and settings\Administrator\Cookies\oxedekinaf.lib
c:\documents and settings\Administrator\Cookies\ukygu.bat
c:\documents and settings\Administrator\Cookies\upewucow._dl
c:\documents and settings\Administrator\Desktop\AntivirusPro_2010.lnk
c:\documents and settings\Administrator\Local Settings\Application Data\gacyh.bin
c:\documents and settings\Administrator\Local Settings\Application Data\gimakoqo._sy
c:\documents and settings\Administrator\Local Settings\Application Data\lanuwomu.bin
c:\documents and settings\Administrator\Local Settings\Application Data\lazuxymo.reg
c:\documents and settings\Administrator\Local Settings\Application Data\nuzahaweku._sy
c:\documents and settings\Administrator\Local Settings\Application Data\ocucuce.reg
c:\documents and settings\Administrator\Local Settings\Application Data\ugiga.dll
c:\documents and settings\Administrator\Local Settings\Application Data\vygox._sy
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\abubusig.pif
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\asehib.dll
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\efyvuz.scr
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\moko.scr
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\napapatix.dl
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\nohugaki.bin
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\oqapeja.vbs
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\osycarehic.com
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\ozytom.bin
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\rejutav.pif
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\ritida.vbs
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\susa.bin
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\ufokyhylag.bin
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\ydifemif.reg
c:\documents and settings\Administrator\Start Menu\Programs\AntivirusPro_2010
c:\documents and settings\Administrator\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\Administrator\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
c:\documents and settings\All Users\Application Data\axyzipu.inf
c:\documents and settings\All Users\Application Data\ebaqo.com
c:\documents and settings\All Users\Application Data\edilaka.com
c:\documents and settings\All Users\Application Data\iqico.lib
c:\documents and settings\All Users\Application Data\jolulytu.reg
c:\documents and settings\All Users\Application Data\purupifys.bat
c:\documents and settings\All Users\Application Data\upaxybumuf.bat
c:\documents and settings\All Users\Application Data\uqekuha.reg
c:\documents and settings\All Users\Application Data\usyseximub.pif
c:\documents and settings\All Users\Application Data\uzukofyji.dl
c:\documents and settings\All Users\Application Data\xadyves.bat
c:\documents and settings\All Users\Application Data\ysedamuj.vbs
c:\documents and settings\All Users\Documents\ducu.inf
c:\documents and settings\All Users\Documents\egaga.pif
c:\documents and settings\All Users\Documents\jexuwapi._dl
c:\documents and settings\All Users\Documents\jobigimug.inf
c:\documents and settings\All Users\Documents\jute.com
c:\documents and settings\All Users\Documents\jycyfu.inf
c:\documents and settings\All Users\Documents\kewevyse.ban
c:\documents and settings\All Users\Documents\nedec.com
c:\documents and settings\All Users\Documents\nomuzepawu.vbs
c:\documents and settings\All Users\Documents\omyfexaji.com
c:\documents and settings\All Users\Documents\unoqucu.bat
c:\documents and settings\All Users\Documents\xeco.dll
c:\documents and settings\All Users\Documents\xyhujove.scr
c:\documents and settings\All Users\Documents\yvyrod.dl
c:\documents and settings\All Users\Documents\zojawi.reg
c:\documents and settings\All Users\Documents\zysahoze.bin
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\AntivirusPro_2010\AVEngn.dll
c:\program files\AntivirusPro_2010\data\daily.cvd
c:\program files\AntivirusPro_2010\htmlayout.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro_2010\pthreadVC2.dll
c:\program files\AntivirusPro_2010\Uninstall.exe
c:\program files\AntivirusPro_2010\wscui.cpl
c:\program files\Common Files\ajudyhiz.pif
c:\program files\Common Files\ezopofoq.exe
c:\program files\Common Files\icetufyquc.scr
c:\program files\Common Files\ifaxyvody.com
c:\program files\Common Files\ilydig.vbs
c:\program files\Common Files\totef.bin
c:\program files\Common Files\udycedy.bin
c:\program files\Common Files\ulinyzew.pif
c:\program files\Common Files\vagib._dl
c:\program files\Common Files\yvihagi.bin
c:\windows\awamolajig.pif
c:\windows\cefoqub.bin
c:\windows\cuvedo.inf
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\esabi.exe
c:\windows\evevijel.reg
c:\windows\icososyfi.pif
c:\windows\ijiwakaw.ban
c:\windows\Installer\1f2e74.msp
c:\windows\Installer\1f2e75.msp
c:\windows\isyni.sys
c:\windows\jutijyvo.dll
c:\windows\limasehuto._dl
c:\windows\nahusupaq._dl
c:\windows\namewir.dl
c:\windows\nocurew.pif
c:\windows\olutuliq.inf
c:\windows\omuciqip.dll
c:\windows\onoryfybo.inf
c:\windows\opeku.scr
c:\windows\otuhox.exe
c:\windows\ovedyb._dl
c:\windows\pywirogem.bat
c:\windows\qojug.bin
c:\windows\quhogepic.reg
c:\windows\ravisal.dl
c:\windows\system32\_scui.cpl
c:\windows\system32\bapobehut.vbs
c:\windows\system32\cofus.pif
c:\windows\system32\dobuco.inf
c:\windows\system32\drivers\fad.sys
c:\windows\system32\evipo.inf
c:\windows\system32\evowir.bat
c:\windows\system32\fifuwaseg.reg
c:\windows\system32\gorytuq.reg
c:\windows\system32\guzixuto.dl
c:\windows\system32\nsprs.dll
c:\windows\system32\odisyqitip.inf
c:\windows\system32\ofebyjif.exe
c:\windows\system32\pociqon.ban
c:\windows\system32\qazukym.pif
c:\windows\system32\sabugati.scr
c:\windows\system32\socilamuxu.vbs
c:\windows\system32\ssprs.dll
c:\windows\system32\tibywe.pif
c:\windows\system32\uxavokoqah.exe
c:\windows\ukudazijas.dll
c:\windows\viravez.bat
c:\windows\waquryhet.vbs
c:\windows\ycalufejy.bin
c:\windows\yhipyk.scr

.
((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-24 02:27 . 2009-09-24 02:27 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-24 02:25 . 2009-09-24 02:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-24 02:25 . 2009-09-24 02:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-24 02:21 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-24 02:20 . 2009-09-24 02:20 -------- d-----w- c:\windows\ie8updates
2009-09-24 02:19 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-24 02:19 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-24 02:14 . 2009-09-24 02:18 -------- dc-h--w- c:\windows\ie8
2009-09-24 01:49 . 2009-09-24 01:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-24 01:47 . 2009-09-24 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-24 01:47 . 2009-09-24 01:47 -------- d-----w- c:\program files\McAfee Security Scan
2009-09-24 01:46 . 2009-09-24 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-24 01:30 . 2009-09-24 01:30 12386 ----a-w- c:\windows\system32\bosut.com
2009-09-24 01:30 . 2009-09-24 01:30 10813 ----a-w- c:\windows\reny.dat
2009-09-23 22:44 . 2009-09-23 22:44 15311 ----a-w- c:\windows\system32\febu.com
2009-09-23 22:44 . 2009-09-23 22:44 16846 ----a-w- c:\windows\todul.dat
2009-09-23 22:44 . 2009-09-23 22:44 12767 ----a-w- c:\program files\Common Files\lynosiza.dat
2009-09-23 18:49 . 2009-09-23 18:49 15565 ----a-w- c:\windows\system32\abokuxymaj.dat
2009-09-23 18:49 . 2009-09-23 18:49 11414 ----a-w- c:\program files\Common Files\nalofu.dat
2009-09-23 07:33 . 2009-09-23 07:33 17907 ----a-w- c:\windows\bibicyber.dat
2009-09-23 06:55 . 2009-09-23 06:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-23 06:54 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-23 06:54 . 2009-09-23 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-23 06:54 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-23 06:54 . 2009-09-23 06:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-09 02:41 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-08-25 18:56 . 2009-08-25 18:56 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-25 18:55 . 2009-08-25 18:55 -------- d-----w- c:\program files\Linksys
2009-08-25 18:55 . 2009-08-25 18:55 -------- d-----w- c:\program files\Funk Software
2009-08-25 18:55 . 2009-08-25 18:55 -------- d-----w- c:\program files\Common Files\Funk Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 01:34 . 2008-06-24 00:22 -------- d-----w- c:\program files\Java
2009-09-24 01:30 . 2009-09-24 01:30 15157 ----a-w- c:\program files\Common Files\epivujucu._sy
2009-09-24 01:30 . 2009-09-24 01:30 13669 ----a-w- c:\documents and settings\Administrator\Application Data\sycesef.dat
2009-09-24 01:23 . 2009-09-24 01:23 159856 ----a-w- c:\documents and settings\Administrator\Application Data\lizkavd.exe
2009-09-23 22:44 . 2009-09-23 22:44 15939 ----a-w- c:\program files\Common Files\roke._sy
2009-09-23 18:49 . 2009-09-23 18:49 19873 ----a-w- c:\documents and settings\Administrator\Application Data\yqakako.dat
2009-09-23 18:49 . 2009-09-23 18:49 14422 ----a-w- c:\documents and settings\All Users\Application Data\ypaxur.dat
2009-09-23 18:49 . 2009-09-23 18:49 17438 ----a-w- c:\program files\Common Files\zitu.db
2009-09-23 18:25 . 2007-04-10 17:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-23 06:24 . 2009-09-23 06:24 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-23 03:25 . 2009-09-23 18:41 14848 ----a-w- c:\documents and settings\Administrator\Application Data\svcst.exe
2009-09-23 03:25 . 2009-09-23 03:25 14848 ----a-w- c:\documents and settings\Administrator\Application Data\seres.exe
2009-09-17 04:14 . 2009-06-07 21:46 -------- d-----w- c:\program files\Graboid
2009-09-09 05:20 . 2008-09-08 01:14 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-25 18:41 . 2007-03-20 00:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-25 18:31 . 2009-06-07 21:47 -------- d-----w- c:\program files\VideoLAN
2009-08-11 22:55 . 2007-03-23 05:28 58608 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 21:07 . 2009-08-03 21:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 21:07 . 2009-08-03 21:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 21:07 . 2009-08-03 21:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 05:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-18 68856]
"mserv"="c:\documents and settings\Administrator\Application Data\seres.exe" [2009-09-23 14848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-03 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-03 610304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]
"CMPDPSRV"="c:\windows\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE" [2001-05-07 40960]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PCTVOICE"="pctspk.exe" - c:\windows\system32\pctspk.exe [2003-02-24 163840]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Wireless-G Notebook Adapter.lnk - c:\program files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-3-19 36864]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CMpdpsrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;c:\windows\system32\drivers\a311.sys [3/19/2007 6:26 PM 31799]
S3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;c:\windows\system32\drivers\a310.sys [3/19/2007 6:26 PM 33335]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-02-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 18:34]

2009-09-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B3A89JGP\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-24 11:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-746137067-1060284298-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,7f,47,45,28,b0,42,4a,91,59,f0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,7f,47,45,28,b0,42,4a,91,59,f0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1736)
c:\program files\Funk Software\Funk Client\odLogin.dll
.
Completion time: 2009-09-24 11:35
ComboFix-quarantined-files.txt 2009-09-24 17:35

Pre-Run: 28,282,183,680 bytes free
Post-Run: 28,498,092,032 bytes free

303 --- E O F --- 2009-09-09 03:58


Re: antivirus pro 2010

Post by Dr Jay on 25th September 2009, 1:23 am

Hi

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\bosut.com
    c:\windows\reny.dat
    c:\windows\system32\febu.com
    c:\windows\todul.dat
    c:\program files\Common Files\lynosiza.dat
    c:\windows\system32\abokuxymaj.dat
    c:\program files\Common Files\nalofu.dat
    c:\windows\bibicyber.dat
    c:\program files\Common Files\epivujucu._sy
    c:\documents and settings\Administrator\Application Data\sycesef.dat
    c:\documents and settings\Administrator\Application Data\lizkavd.exe
    c:\program files\Common Files\roke._sy
    c:\documents and settings\Administrator\Application Data\yqakako.dat
    c:\documents and settings\All Users\Application Data\ypaxur.dat
    c:\program files\Common Files\zitu.db
    c:\documents and settings\Administrator\Application Data\svcst.exe
    c:\documents and settings\Administrator\Application Data\seres.exe
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)


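The File:: list above was built by hand from the "Files Created" and "Find3M" sections of the ComboFix log: every entry whose creation time and last-write time both fall on or after the day the rogue program appeared. As an added example (not code from this thread or from ComboFix's authors), the script below parses those log lines, applies that rule and renders a CFScript. The sample lines are a constructed subset of the log posted earlier; INFECTION_DATE and the vetted-prefix list are assumptions for this one machine, not general rules.

```python
import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import Optional

# Constructed subset of the ComboFix log posted in this thread, one case each:
# package-installed files (old last-write time), a directory, dropped files,
# a vendor catalog the analyst vetted by hand, and a file older than the incident.
SAMPLE_LOG_LINES = r"""
2009-09-24 02:21 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-24 02:20 . 2009-09-24 02:20 -------- d-----w- c:\windows\ie8updates
2009-09-24 01:30 . 2009-09-24 01:30 12386 ----a-w- c:\windows\system32\bosut.com
2009-09-23 22:44 . 2009-09-23 22:44 12767 ----a-w- c:\program files\Common Files\lynosiza.dat
2009-09-23 06:54 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-24 01:30 . 2009-09-24 01:30 15157 ----a-w- c:\program files\Common Files\epivujucu._sy
2009-09-24 01:23 . 2009-09-24 01:23 159856 ----a-w- c:\documents and settings\Administrator\Application Data\lizkavd.exe
2009-09-23 06:24 . 2009-09-23 06:24 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-23 03:25 . 2009-09-23 18:41 14848 ----a-w- c:\documents and settings\Administrator\Application Data\svcst.exe
2009-09-23 03:25 . 2009-09-23 03:25 14848 ----a-w- c:\documents and settings\Administrator\Application Data\seres.exe
2009-08-03 21:07 . 2009-08-03 21:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
""".strip().splitlines()

# Assumption for this thread: the rogue appeared the night of 2009-09-23.
INFECTION_DATE = date(2009, 9, 23)

# Assumption: directory prefixes the analyst vetted by hand on this machine.
# Per-case judgement, not a safe list: ComboFix had already removed a rogue
# driver (fad.sys) from this same directory in the first run.
VETTED_PREFIXES = (r"c:\windows\system32\drivers" + "\\",)

# A ComboFix file line: <created> . <last-write> <size|--------> <attrs> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\S+)\s+([-a-z]{8})\s+(.+?)\s*$"
)


@dataclass
class Entry:
    created: datetime
    written: datetime
    size: Optional[int]   # None for directories (ComboFix prints "--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, blanks and other noise."""
    m = LINE_RE.match(line)
    if not m:
        return None
    created, written, size, attrs, path = m.groups()
    fmt = "%Y-%m-%d %H:%M"
    return Entry(datetime.strptime(created, fmt), datetime.strptime(written, fmt),
                 None if size == "--------" else int(size), attrs, path)


def select_for_cfscript(lines, cutoff: date, vetted_prefixes=VETTED_PREFIXES):
    """Paths whose creation AND last-write times both fall on/after the cutoff.

    Files laid down by a legitimate installer keep the vendor's older build
    time as their last-write time (mbamswissarmy.sys, iecompat.dll), so they
    drop out; freshly written droppers carry the incident date in both fields.
    """
    chosen = []
    for line in lines:
        e = parse_line(line)
        if e is None or e.is_dir:
            continue
        if e.created.date() < cutoff or e.written.date() < cutoff:
            continue
        if e.path.lower().startswith(vetted_prefixes):
            continue
        chosen.append(e.path)
    return chosen


def build_cfscript(paths) -> str:
    """Render the File:: section that ComboFix reads from CFScript.txt."""
    return "File::\n" + "\n".join(paths) + "\n"


def demo():
    """Run the rule over the sample lines; returns the selected paths."""
    return select_for_cfscript(SAMPLE_LOG_LINES, INFECTION_DATE)


if __name__ == "__main__":
    print(build_cfscript(demo()), end="")
```

Run against the full log it reproduces the seventeen File:: entries in the post above; the one line the timestamp rule alone would over-select (pctcore.cat) is why the vetted-prefix step exists.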
