Antivirus Pro 2010 Help please


Post by damina on 27th September 2009, 6:38 pm

I am stuck. I have been reading the forums and attempting what was recommended. I could not run Task Manager or Malwarebytes' Anti-Malware; I kept getting "the application is infected". I cannot reboot in Safe Mode; for some reason, when I attempt to, my system reboots in the middle of loading the drivers. I finally got ComboFix to run after renaming it to svchost.exe. It ran completely and I got the log file, however I still have Antivirus Pro on my system. I was able to run ComboFix again, then attempted to run Malwarebytes; it froze at 6 minutes, then the computer gave me the blue screen. I rebooted and ran ComboFix again, then Malwarebytes; this time Malwarebytes froze after 1 minute. I rebooted and ran ComboFix again and here I am. I am running Win XP. I hope someone can help me fix this mess!
Here is the latest log file from combofix:
ComboFix 09-09-25.01 - Name 09/27/2009 12:53.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.535 [GMT -5:00]
Running from: c:\documents and settings\Name\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\13222504
c:\documents and settings\All Users\Application Data\13222504\13222504
c:\documents and settings\All Users\Application Data\13222504\13222504.exe
c:\documents and settings\All Users\Application Data\13222504\pc13222504ins
c:\documents and settings\All Users\Application Data\awyzok.bat
c:\documents and settings\All Users\Application Data\tutocu.bat
c:\documents and settings\All Users\Documents\azucesev.com
c:\documents and settings\Name\Application Data\ebudimokab._sy
c:\documents and settings\Name\Application Data\gutafakeha._dl
c:\documents and settings\Name\Application Data\mapijov.bin
c:\documents and settings\Name\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Name\Desktop\AntivirusPro_2010.lnk
c:\documents and settings\Name\Local Settings\Application Data\owakojy.vbs
c:\documents and settings\Name\Local Settings\Application Data\ubawona.reg
c:\documents and settings\Name\Local Settings\Temporary Internet Files\eticojixu.bat
c:\documents and settings\Name\Local Settings\Temporary Internet Files\vyturus.sys
c:\documents and settings\Name\Start Menu\Programs\AntivirusPro_2010
c:\documents and settings\Name\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\Name\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\windows\system32\_scui.cpl
c:\windows\system32\dopyqum.pif
c:\windows\system32\niwezufa.exe
c:\windows\system32\romezeju.dll
c:\windows\system32\yetugayu.dll
c:\windows\system32\yujitana.dll
c:\windows\xiceb.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-27 to 2009-09-27 )))))))))))))))))))))))))))))))
.

2009-09-27 14:25 . 2009-09-27 14:25 18748 ----a-w- c:\windows\rotygikiru.com
2009-09-27 14:25 . 2009-09-27 14:25 16084 ----a-w- c:\windows\system32\evuguduv.dat
2009-09-27 14:25 . 2009-09-27 14:25 11611 ----a-w- c:\windows\ukumo.com
2009-09-27 12:55 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-09-27 12:55 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-09-23 09:29 . 2009-09-26 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Artist Colony
2009-09-23 09:29 . 2009-09-23 09:29 -------- d-----w- c:\documents and settings\Name\Local Settings\Application Data\Artist Colony
2009-09-21 09:45 . 2009-09-21 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Kristanix Games
2009-09-20 18:47 . 2009-09-20 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Becky Brogan
2009-09-15 00:43 . 2009-09-15 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3
2009-09-13 19:02 . 2009-09-13 19:02 -------- d-----w- c:\documents and settings\Name\Local Settings\Application Data\AlwaysNeat
2009-09-13 13:38 . 2009-09-13 13:38 -------- d-----w- c:\windows\She is a Shadow
2009-09-13 13:38 . 2009-09-13 13:38 -------- d-----w- c:\program files\She is a Shadow
2009-09-13 13:32 . 2009-09-13 13:32 -------- d-----w- c:\documents and settings\Name\Application Data\GloomBeacon
2009-09-13 13:30 . 2009-09-13 13:32 -------- d-----w- c:\program files\GloomBeacon
2009-09-13 13:29 . 2009-09-13 13:29 -------- d-----w- c:\program files\Gemini Lost
2009-09-13 13:29 . 2009-09-13 13:29 -------- d-----w- c:\windows\Gemini Lost
2009-09-13 13:19 . 2009-09-13 18:29 -------- d-----w- c:\program files\Crazy Honeymoon Season I
2009-09-13 13:18 . 2009-09-20 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-09-12 19:46 . 2009-09-12 19:46 -------- d-----w- c:\program files\LeeGTs Games
2009-09-12 01:21 . 2009-09-12 01:21 -------- d-----w- c:\documents and settings\Name\Application Data\DivoGames
2009-09-11 23:28 . 2009-09-11 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2009-09-11 10:20 . 2009-09-11 11:19 -------- d-----w- c:\documents and settings\Name\uspy
2009-09-10 10:12 . 2009-09-10 10:12 -------- d-----w- c:\documents and settings\Name\Application Data\Little Games Company
2009-09-10 10:12 . 2009-09-10 10:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Little Games Company
2009-09-09 09:39 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 10:30 . 2009-09-08 10:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SuperRanch
2009-09-03 10:14 . 2009-09-03 10:14 -------- d-----w- C:\Patriot Games
2009-08-30 13:31 . 2009-08-18 19:11 -------- d-----w- c:\program files\Cleopatra Queen of The Nile
2009-08-30 12:58 . 2009-08-30 13:07 -------- d-----w- c:\documents and settings\Name\Local Settings\Application Data\Deployment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 17:52 . 2007-02-21 17:32 -------- d-----w- c:\program files\FlashGet
2009-09-27 15:16 . 2009-06-27 15:16 49152 --sha-w- c:\windows\system32\tuvafuye.dll
2009-09-27 15:16 . 2009-06-27 15:16 88576 --sha-w- c:\windows\system32\kafawagi.dll
2009-09-27 14:24 . 2009-09-27 03:14 229488 ----a-w- c:\documents and settings\Name\Application Data\lizkavd.exe
2009-09-27 03:07 . 2009-09-27 03:07 265216 ----a-w- c:\documents and settings\Name\Application Data\svcst.exe
2009-09-27 03:07 . 2009-09-27 03:07 265216 ----a-w- c:\documents and settings\Name\Application Data\seres.exe
2009-09-26 22:42 . 2007-03-19 13:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-13 14:28 . 2009-03-22 12:39 -------- d-----w- c:\program files\Games
2009-09-13 13:17 . 2007-01-24 21:30 -------- d-----w- c:\program files\Alawar
2009-09-12 19:47 . 2008-01-10 22:28 -------- d-----w- c:\documents and settings\Name\Application Data\Valusoft
2009-09-12 19:47 . 2008-01-10 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Valusoft
2009-09-11 23:28 . 2007-01-21 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin
2009-09-11 23:28 . 2007-01-21 05:55 -------- d-----w- c:\documents and settings\Name\Application Data\iWin
2009-09-09 22:24 . 2009-07-16 14:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-05 18:26 . 2008-04-04 21:46 -------- d-----w- c:\documents and settings\Name\Application Data\Meridian93
2009-09-04 11:07 . 2007-04-02 05:48 -------- d-----w- c:\program files\Coupons
2009-09-01 22:39 . 2009-08-09 14:52 45344 ----a-w- c:\windows\system32\drivers\dahf818.sys
2009-08-30 10:29 . 2009-04-05 11:37 -------- d-----w- c:\program files\Big Kahuna Reef 2
2009-08-27 23:42 . 2009-03-07 02:31 -------- d-----w- c:\program files\ATTToolbar
2009-08-27 23:42 . 2006-12-09 05:37 -------- d-----w- c:\program files\Yahoo!
2009-08-23 00:08 . 2008-06-13 03:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-22 01:51 . 2009-08-22 01:48 6853096 ----a-w- C:\SpyHunter-Compact-OS.exe
2009-08-22 01:48 . 2009-08-22 01:48 -------- d-----w- c:\program files\Enigma Software Group
2009-08-17 22:41 . 2008-06-26 14:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-17 22:41 . 2008-06-26 14:52 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-17 22:41 . 2008-06-26 14:52 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-17 10:49 . 2006-12-09 06:00 -------- d-----w- c:\program files\LimeWire
2009-08-15 21:30 . 2006-01-01 13:36 102184 ----a-w- c:\documents and settings\Name\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-15 08:35 . 2009-08-15 08:35 -------- d-----w- c:\program files\MSBuild
2009-08-15 08:35 . 2009-08-15 08:35 -------- d-----w- c:\program files\Reference Assemblies
2009-08-11 10:46 . 2008-06-26 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-05 09:32 . 2006-12-08 04:50 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 01:36 . 2009-08-04 01:36 -------- d-----w- c:\program files\MSECache
2009-08-03 18:36 . 2009-08-11 11:00 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2008-06-13 03:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 15:56 . 2006-12-09 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-25 10:23 . 2009-02-20 11:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 12:00 915456 ------w- c:\windows\system32\wininet.dll
2008-03-08 04:59 . 2008-03-08 00:30 19340134 ----a-w- c:\program files\WarChessSetup.exe
2008-03-01 21:48 . 2008-03-01 21:48 0 ----a-w- c:\program files\temp01
2006-12-09 06:20 . 2006-12-09 06:20 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-07-20 23:13 . 2007-07-18 14:16 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-07-20 23:13 . 2007-07-18 14:16 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-20 23:13 . 2007-07-18 14:16 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-07-20 23:13 . 2007-07-18 14:16 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-07-20 23:13 . 2007-07-18 14:16 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-06-27 15:17 . 2009-06-27 15:17 49152 --sha-w- c:\windows\system32\lugopuko.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-01-01 12:55 . 2009-09-27 13:51 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-01-01 12:55 . 2009-09-27 13:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{baedba90-c61b-47ff-ad2c-c3cae46694fd}]
2009-06-27 15:17 49152 --sha-w- c:\windows\system32\lugopuko.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-12-10 160832]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"mserv"="c:\documents and settings\Name\Application Data\svcst.exe" [2009-09-27 265216]
"svchost"="c:\documents and settings\Name\Application Data\svcst.exe" [2009-09-27 265216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-12-21 663552]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2006-11-10 1051648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2007-07-02 2841824]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-03 55368]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"KMCONFIG"="c:\program files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"yenetevoj"="c:\windows\system32\kafawagi.dll" [2009-09-27 88576]
"Antivirus Pro 2010"="c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe" [2009-09-27 229488]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-03-02 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"fesilusuto"="yujitana.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{9a22e867-a899-49d3-8b21-f98195c5bf74}"= "c:\windows\system32\kafawagi.dll" [2009-09-27 88576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gobepumot"= {9a22e867-a899-49d3-8b21-f98195c5bf74} - c:\windows\system32\kafawagi.dll [2009-09-27 88576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 22:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRES.EXE"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"=
"c:\\Program Files\\Atari\\Civilization III\\Civ3PTW\\Civ3XEdit.exe"=
"c:\\Program Files\\Atari\\Civilization III\\Civ3PTW\\Civilization3X.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Micro Innovations\\Wireless Keyboard & Mouse Driver\\KMCONFIG.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [1/1/2006 8:09 AM 11264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/26/2008 9:52 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/26/2008 9:52 AM 108552]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/1/2006 8:08 AM 13696]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/2/2008 11:11 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/2/2008 11:11 AM 297752]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe [4/5/2007 11:29 AM 208896]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 9:16 PM 24652]
S0 dahf818;dahf818;\SystemRoot\\SystemRoot\System32\drivers\dahf818.sys --> \SystemRoot\\SystemRoot\System32\drivers\dahf818.sys [?]
S1 16ff13ce.sys;16ff13ce.sys;\??\c:\windows\System32\drivers\16ff13ce.sys --> c:\windows\System32\drivers\16ff13ce.sys [?]
S2 ziymhyshv;ziymhyshv;\??\c:\windows\system32\drivers\jbbxngpk.sys --> c:\windows\system32\drivers\jbbxngpk.sys [?]
S3 Amps2prt;Kensington PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys --> c:\windows\system32\DRIVERS\Amps2prt.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/11/2009 6:00 AM 38160]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Name\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: motive.com\patttbc.att
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Name\Application Data\Mozilla\Firefox\Profiles\m08bc0kg.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-13222504 - c:\documents and settings\All Users\Application Data\13222504\13222504.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-27 13:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\_scui.cpl 167424 bytes executable
c:\documents and settings\Name\Application Data\opopevu.com 13823 bytes
c:\documents and settings\Name\Application Data\iqex.inf 17332 bytes
c:\documents and settings\Name\Application Data\cocaky.ban 18451 bytes
c:\documents and settings\Name\Application Data\epokatasax.bin 10366 bytes

scan completed successfully
hidden files: 5

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ||A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3592)
c:\windows\system32\WININET.dll
c:\windows\system32\kafawagi.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMCONFIG.exe
c:\program files\Consumer Input Rewarded with MyPoints, Consumer Input\dca-ua.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMProcess.exe
c:\documents and settings\Name\Application Data\seres.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\rundll32.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-09-27 13:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-27 18:13
ComboFix2.txt 2009-09-27 14:31
ComboFix3.txt 2009-09-27 13:11

Pre-Run: 40,948,469,760 bytes free
Post-Run: 41,000,275,968 bytes free

314 --- E O F --- 2009-09-09 11:16


Re: Antivirus Pro 2010 Help please

Post by Belahzur on 27th September 2009, 6:51 pm

Hello.


  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\rotygikiru.com
    c:\windows\system32\evuguduv.dat
    c:\windows\ukumo.com
    c:\windows\system32\tuvafuye.dll
    c:\windows\system32\kafawagi.dll
    c:\documents and settings\Name\Application Data\lizkavd.exe
    c:\documents and settings\Name\Application Data\svcst.exe
    c:\documents and settings\Name\Application Data\seres.exe
    c:\documents and settings\Name\Application Data\opopevu.com
    c:\documents and settings\Name\Application Data\iqex.inf
    c:\documents and settings\Name\Application Data\cocaky.ban
    c:\documents and settings\Name\Application Data\epokatasax.bin
    c:\windows\system32\_scui.cpl

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{baedba90-c61b-47ff-ad2c-c3cae46694fd}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mserv"=-
    "svchost"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "yenetevoj"=-
    "Antivirus Pro 2010"=-
    "fesilusuto"=-
    [-HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{9a22e867-a899-49d3-8b21-f98195c5bf74}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "gobepumot"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=-
    "FirewallDisableNotify"=-
    "UpdatesDisableNotify"=-

    Driver::
    dahf818
    16ff13ce.sys
    ziymhyshv
  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


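The triage that the reply above does by eye on the "Reg Loading Points" section of the first log, and the CFScript it produces from that, as an added Python example; this is not part of the thread and not ComboFix's own code. It parses log lines in the format posted above (a subset of those lines is embedded as constructed sample input), flags autostart entries by a few heuristics (target under a user profile directory, a value name that mimics a system process while the target is outside system32, a bare file name instead of a full path, a binary stamped within a few days of the scan, and Security Center *DisableNotify values set to 1), and renders the flagged entries in the File::/Registry:: CFScript form used in the reply. The heuristics, the three-day window and the lookalike name list are assumptions of this example, not ComboFix behaviour; its output is a starting point for review, not a verdict, and a responder would still check every line against the log before feeding it to ComboFix.

```python
"""Triage ComboFix 'Reg Loading Points' lines and emit a CFScript for flagged entries.

Added example for this thread, not ComboFix code. The heuristics, LOOKALIKES and
the RECENT_DAYS window are assumptions chosen to match what the posted log shows.
"""
import re
from datetime import date

SCAN_DATE = date(2009, 9, 27)     # date stamped on the first log in the thread
RECENT_DAYS = 3                   # assumption: autostart binaries this fresh get flagged
SYSTEM_DIR = r"c:\windows\system32"
LOOKALIKES = {"svchost", "lsass", "csrss", "winlogon", "services", "smss", "explorer"}

# Constructed sample: a subset of the log lines posted above, copied verbatim.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-12-10 160832]
"mserv"="c:\documents and settings\Name\Application Data\svcst.exe" [2009-09-27 265216]
"svchost"="c:\documents and settings\Name\Application Data\svcst.exe" [2009-09-27 265216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"yenetevoj"="c:\windows\system32\kafawagi.dll" [2009-09-27 88576]
"Antivirus Pro 2010"="c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe" [2009-09-27 229488]
"fesilusuto"="yujitana.dll" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
TARGET_RE = re.compile(r'^"(?P<target>[^"]*)"')
STAMP_RE = re.compile(r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]")


def parse_loading_points(text):
    """Yield (key, name, data) for every "name"=data line under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group("name"), m.group("data")


def assess(key, name, data):
    """Return the list of reasons an autostart entry deserves a closer look."""
    reasons = []
    if key.lower().endswith("security center") and data.lower() == "dword:00000001":
        if name.lower().endswith("disablenotify"):
            reasons.append("Security Center notification suppressed")
        return reasons
    t = TARGET_RE.match(data)
    if not t:
        return reasons
    target = t.group("target").lower()
    if "\\application data\\" in target or "\\local settings\\" in target:
        reasons.append("autostart binary lives in a user profile directory")
    base = name.lower()
    if base.endswith(".exe"):
        base = base[:-4]
    if base in LOOKALIKES and not target.startswith(SYSTEM_DIR):
        reasons.append("value name mimics a system process but target is outside system32")
    if ":\\" not in target:
        reasons.append("target is a bare file name, not a resolvable full path")
    stamp = STAMP_RE.search(data)
    if stamp:
        age = (SCAN_DATE - date.fromisoformat(stamp.group("date"))).days
        if 0 <= age <= RECENT_DAYS:
            reasons.append(f"binary timestamp within {RECENT_DAYS} days of the scan")
    return reasons


def triage(text):
    """Map (key, name, data) of every flagged entry to its reasons, in log order."""
    findings = {}
    for key, name, data in parse_loading_points(text):
        reasons = assess(key, name, data)
        if reasons:
            findings[(key, name, data)] = reasons
    return findings


def cfscript(findings):
    """Render flagged entries as File:: (full paths) and Registry:: ("name"=-) blocks."""
    files, by_key = [], {}
    for key, name, data in findings:
        t = TARGET_RE.match(data)
        if t and ":\\" in t.group("target") and t.group("target") not in files:
            files.append(t.group("target"))
        by_key.setdefault(key, []).append(name)
    lines = ["File::", *files, "", "Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for (key, name, _), reasons in found.items():
        print(f"{name!r} under {key}: {'; '.join(reasons)}")
    print()
    print(cfscript(found))
```

Run against the embedded sample, the script flags the two Run values pointing at svcst.exe in Application Data (one of them also for borrowing the svchost name), the three entries stamped on the scan date, the bare "yujitana.dll" target, and the three Security Center suppression values, while leaving RoboForm, ctfmon.exe and the AVG tray alone. The Driver:: section of the reply is not generated here because the service list is a different log section with its own format.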

Re: Antivirus Pro 2010 Help please

Post by damina on 27th September 2009, 7:35 pm

I did what you said. ComboFix has been preparing to run for about 20 mins; it never took this long before. The cursor is blinking but nothing is happening. I made sure all programs were not running. What now?
and Thank you for your help so far!


Re: Antivirus Pro 2010 Help please

Post by Belahzur on 27th September 2009, 7:36 pm

Let it run for a bit longer, this malware is pretty messy.





Re: Antivirus Pro 2010 Help please

Post by damina on 27th September 2009, 7:47 pm

It's at 30 mins now with no change. Should I try to reboot and run it?


Re: Antivirus Pro 2010 Help please

Post by Belahzur on 27th September 2009, 8:01 pm

Yes.





Re: Antivirus Pro 2010 Help please

Post by damina on 27th September 2009, 8:36 pm

OK, rebooted, ran ComboFix, it rebooted and I do not see the antivirus popups any longer!! WOOHOO!!!! Thank you so much, here is the newest log file:

ComboFix 09-09-25.01 - Name 09/27/2009 15:10.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.568 [GMT -5:00]
Running from: c:\documents and settings\Name\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Name\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Name\Application Data\cocaky.ban"
"c:\documents and settings\Name\Application Data\epokatasax.bin"
"c:\documents and settings\Name\Application Data\iqex.inf"
"c:\documents and settings\Name\Application Data\lizkavd.exe"
"c:\documents and settings\Name\Application Data\opopevu.com"
"c:\documents and settings\Name\Application Data\seres.exe"
"c:\documents and settings\Name\Application Data\svcst.exe"
"c:\windows\rotygikiru.com"
"c:\windows\system32\_scui.cpl"
"c:\windows\system32\evuguduv.dat"
"c:\windows\system32\kafawagi.dll"
"c:\windows\system32\tuvafuye.dll"
"c:\windows\ukumo.com"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\uqic.dll
c:\documents and settings\All Users\Application Data\ywikotyge.exe
c:\documents and settings\All Users\Documents\ebuvas.com
c:\documents and settings\All Users\Documents\ogiqilafop.scr
c:\documents and settings\Name\Application Data\cocaky.ban
c:\documents and settings\Name\Application Data\epokatasax.bin
c:\documents and settings\Name\Application Data\iqex.inf
c:\documents and settings\Name\Application Data\lizkavd.exe
c:\documents and settings\Name\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Name\Application Data\opopevu.com
c:\documents and settings\Name\Application Data\seres.exe
c:\documents and settings\Name\Application Data\svcst.exe
c:\documents and settings\Name\Desktop\AntivirusPro_2010.lnk
c:\documents and settings\Name\Local Settings\Application Data\ukukowi.pif
c:\documents and settings\Name\Local Settings\Application Data\yvigij.scr
c:\documents and settings\Name\Local Settings\Temporary Internet Files\bicyxog.lib
c:\documents and settings\Name\Local Settings\Temporary Internet Files\efyhec.lib
c:\documents and settings\Name\Local Settings\Temporary Internet Files\hedojyg.bin
c:\documents and settings\Name\Local Settings\Temporary Internet Files\hewumaqat._dl
c:\documents and settings\Name\Local Settings\Temporary Internet Files\memaqip.dll
c:\documents and settings\Name\Local Settings\Temporary Internet Files\qeqib._dl
c:\documents and settings\Name\Start Menu\Programs\AntivirusPro_2010
c:\documents and settings\Name\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\Name\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\Common Files\awizyvagi.ban
c:\program files\Common Files\hocikes.dll
c:\program files\Common Files\irexuliqy.reg
c:\program files\Common Files\owajugeq.dll
c:\windows\ovecixox.reg
c:\windows\ovuv.exe
c:\windows\rotygikiru.com
c:\windows\system32\_scui.cpl
c:\windows\system32\dyja.exe
c:\windows\system32\evuguduv.dat
c:\windows\system32\kafawagi.dll
c:\windows\system32\ocehotaq.reg
c:\windows\system32\tuvafuye.dll
c:\windows\ukumo.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_16ff13ce.sys
-------\Service_dahf818
-------\Service_ziymhyshv


((((((((((((((((((((((((( Files Created from 2009-08-27 to 2009-09-27 )))))))))))))))))))))))))))))))
.

2009-09-27 12:55 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-09-27 12:55 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-09-23 09:29 . 2009-09-26 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Artist Colony
2009-09-23 09:29 . 2009-09-23 09:29 -------- d-----w- c:\documents and settings\Name\Local Settings\Application Data\Artist Colony
2009-09-21 09:45 . 2009-09-21 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Kristanix Games
2009-09-20 18:47 . 2009-09-20 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Becky Brogan
2009-09-15 00:43 . 2009-09-15 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3
2009-09-13 19:02 . 2009-09-13 19:02 -------- d-----w- c:\documents and settings\Name\Local Settings\Application Data\AlwaysNeat
2009-09-13 13:38 . 2009-09-13 13:38 -------- d-----w- c:\windows\She is a Shadow
2009-09-13 13:38 . 2009-09-13 13:38 -------- d-----w- c:\program files\She is a Shadow
2009-09-13 13:32 . 2009-09-13 13:32 -------- d-----w- c:\documents and settings\Name\Application Data\GloomBeacon
2009-09-13 13:30 . 2009-09-13 13:32 -------- d-----w- c:\program files\GloomBeacon
2009-09-13 13:29 . 2009-09-13 13:29 -------- d-----w- c:\program files\Gemini Lost
2009-09-13 13:29 . 2009-09-13 13:29 -------- d-----w- c:\windows\Gemini Lost
2009-09-13 13:19 . 2009-09-13 18:29 -------- d-----w- c:\program files\Crazy Honeymoon Season I
2009-09-13 13:18 . 2009-09-20 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-09-12 19:46 . 2009-09-12 19:46 -------- d-----w- c:\program files\LeeGTs Games
2009-09-12 01:21 . 2009-09-12 01:21 -------- d-----w- c:\documents and settings\Name\Application Data\DivoGames
2009-09-11 23:28 . 2009-09-11 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2009-09-11 10:20 . 2009-09-11 11:19 -------- d-----w- c:\documents and settings\Name\uspy
2009-09-10 10:12 . 2009-09-10 10:12 -------- d-----w- c:\documents and settings\Name\Application Data\Little Games Company
2009-09-10 10:12 . 2009-09-10 10:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Little Games Company
2009-09-09 09:39 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 10:30 . 2009-09-08 10:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SuperRanch
2009-09-03 10:14 . 2009-09-03 10:14 -------- d-----w- C:\Patriot Games
2009-08-30 13:31 . 2009-08-18 19:11 -------- d-----w- c:\program files\Cleopatra Queen of The Nile
2009-08-30 12:58 . 2009-08-30 13:07 -------- d-----w- c:\documents and settings\Name\Local Settings\Application Data\Deployment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 20:04 . 2007-02-21 17:32 -------- d-----w- c:\program files\FlashGet
2009-09-26 22:42 . 2007-03-19 13:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-13 14:28 . 2009-03-22 12:39 -------- d-----w- c:\program files\Games
2009-09-13 13:17 . 2007-01-24 21:30 -------- d-----w- c:\program files\Alawar
2009-09-12 19:47 . 2008-01-10 22:28 -------- d-----w- c:\documents and settings\Name\Application Data\Valusoft
2009-09-12 19:47 . 2008-01-10 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Valusoft
2009-09-11 23:28 . 2007-01-21 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin
2009-09-11 23:28 . 2007-01-21 05:55 -------- d-----w- c:\documents and settings\Name\Application Data\iWin
2009-09-09 22:24 . 2009-07-16 14:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-05 18:26 . 2008-04-04 21:46 -------- d-----w- c:\documents and settings\Name\Application Data\Meridian93
2009-09-04 11:07 . 2007-04-02 05:48 -------- d-----w- c:\program files\Coupons
2009-09-01 22:39 . 2009-08-09 14:52 45344 ----a-w- c:\windows\system32\drivers\dahf818.sys
2009-08-30 10:29 . 2009-04-05 11:37 -------- d-----w- c:\program files\Big Kahuna Reef 2
2009-08-27 23:42 . 2009-03-07 02:31 -------- d-----w- c:\program files\ATTToolbar
2009-08-27 23:42 . 2006-12-09 05:37 -------- d-----w- c:\program files\Yahoo!
2009-08-23 00:08 . 2008-06-13 03:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-22 01:51 . 2009-08-22 01:48 6853096 ----a-w- C:\SpyHunter-Compact-OS.exe
2009-08-22 01:48 . 2009-08-22 01:48 -------- d-----w- c:\program files\Enigma Software Group
2009-08-17 22:41 . 2008-06-26 14:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-17 22:41 . 2008-06-26 14:52 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-17 22:41 . 2008-06-26 14:52 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-17 10:49 . 2006-12-09 06:00 -------- d-----w- c:\program files\LimeWire
2009-08-15 21:30 . 2006-01-01 13:36 102184 ----a-w- c:\documents and settings\Name\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-15 08:35 . 2009-08-15 08:35 -------- d-----w- c:\program files\MSBuild
2009-08-15 08:35 . 2009-08-15 08:35 -------- d-----w- c:\program files\Reference Assemblies
2009-08-11 10:46 . 2008-06-26 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-05 09:32 . 2006-12-08 04:50 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 01:36 . 2009-08-04 01:36 -------- d-----w- c:\program files\MSECache
2009-08-03 18:36 . 2009-08-11 11:00 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2008-06-13 03:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 15:56 . 2006-12-09 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-25 10:23 . 2009-02-20 11:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 12:00 915456 ------w- c:\windows\system32\wininet.dll
2008-03-08 04:59 . 2008-03-08 00:30 19340134 ----a-w- c:\program files\WarChessSetup.exe
2008-03-01 21:48 . 2008-03-01 21:48 0 ----a-w- c:\program files\temp01
2006-12-09 06:20 . 2006-12-09 06:20 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-07-20 23:13 . 2007-07-18 14:16 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-07-20 23:13 . 2007-07-18 14:16 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-20 23:13 . 2007-07-18 14:16 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-07-20 23:13 . 2007-07-18 14:16 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-07-20 23:13 . 2007-07-18 14:16 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-06-27 15:17 . 2009-06-27 15:17 49152 --sha-w- c:\windows\system32\lugopuko.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-27 20:23 . 2009-09-27 20:23 16384 c:\windows\temp\Perflib_Perfdata_be0.dat
+ 2006-01-01 12:55 . 2009-09-27 13:51 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-01-01 12:55 . 2009-09-27 13:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-12-10 160832]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-12-21 663552]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2006-11-10 1051648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2007-07-02 2841824]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-03 55368]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"KMCONFIG"="c:\program files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-03-02 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 22:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRES.EXE"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"=
"c:\\Program Files\\Atari\\Civilization III\\Civ3PTW\\Civ3XEdit.exe"=
"c:\\Program Files\\Atari\\Civilization III\\Civ3PTW\\Civilization3X.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Micro Innovations\\Wireless Keyboard & Mouse Driver\\KMCONFIG.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [1/1/2006 8:09 AM 11264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/26/2008 9:52 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/26/2008 9:52 AM 108552]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/1/2006 8:08 AM 13696]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/2/2008 11:11 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/2/2008 11:11 AM 297752]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe [4/5/2007 11:29 AM 208896]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 9:16 PM 24652]
S3 Amps2prt;Kensington PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys --> c:\windows\system32\DRIVERS\Amps2prt.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/11/2009 6:00 AM 38160]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Name\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: motive.com\patttbc.att
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Name\Application Data\Mozilla\Firefox\Profiles\m08bc0kg.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-27 15:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Name\LOCALS~1\Temp\~DF4EA6.tmp 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ||A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2508)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMCONFIG.exe
c:\program files\Consumer Input Rewarded with MyPoints, Consumer Input\dca-ua.exe
c:\program files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMProcess.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-27 15:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-27 20:31
ComboFix2.txt 2009-09-27 18:13
ComboFix3.txt 2009-09-27 14:31
ComboFix4.txt 2009-09-27 13:11

Pre-Run: 41,002,717,184 bytes free
Post-Run: 40,961,941,504 bytes free

310 --- E O F --- 2009-09-09 11:16

damina
Novice

Posts : 9
Joined : 2009-09-27
OS : win xp
Points : 26321
# Likes : 0


Re: Antivirus Pro 2010 Help please

Post by Belahzur on 27th September 2009, 8:46 pm

Hello.
A few more things to do yet.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press Accept and HijackThis will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1


Re: Antivirus Pro 2010 Help please

Post by damina on 27th September 2009, 8:52 pm

Here it is:

10 Days Under The Sea
Ad-Aware SE Personal
Adobe Audition 2.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Help Center 2.0
Adobe Photoshop CS2
Adobe Premiere Pro 2.0
Adobe Reader 8.1.0
Adobe Shockwave Player 11
Adobe Stock Photos 1.0
Adventure Chronicles
Age of Mythology
Age of Mythology - The Titans Expansion
AI RoboForm (All Users)
AIM 6
AIMTunes
Ancient Quest Of Saqqarah
Annabel
Apple Software Update
ArchMage
Artist Colony 1.00
AT&T Internet Security Wizard 1.5.11
AT&T Self Support Tool
AT&T Toolbar
Avery Wizard 3.1
AVG Free 8.5
Babylon
Be Rich
Big Fish Games Client
Big Kahuna Reef 2 - Chain Reaction
Build in Time
Buildalot
Buildalot 2 Town Of The Year
Business Plan Pro 2007
Can You See What I See Dream Machine
Chessmaster Challenge
Civilization III - Gold Edition
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Coupon Printer for Windows
CouponBar
Crazy Honeymoon Season I Uninstallation
Critical Update for Windows Media Player 11 (KB959772)
Crumb
DivX
DivX Content Uploader
DivX Web Player
Elias The Mighty
Eschalon Book 1
Fairway Solitaire
Farm Frenzy 3
Farm Frenzy Pizza Party
Fashion Dash
Fitness Frenzy
FlashGet(Jetcar) 1.80
ForgotRiddle2
Gemini Lost
Gloom Beacon
Go Go Gourmet Chef Of The Year
Google Earth
Hells Kitchen
Hidden Magic 1.00
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Deskjet 3900 series
HP Extended Capabilities 5.0
HP Image Zone Express
HP Imaging Device Functions 5.0
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
I Spy Fun House 1.00
InterVideo DeviceService
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Lavender's Botanicals
LimeWire PRO 4.13.0
Little Shop Road Trip
Living 3D Butterflies 1.0
Lottso Deluxe
Magic Seeds
MAGIX Ringtone Maker 2 silver (US)
Malwarebytes' Anti-Malware
Masters of Mystery Crime of Fashion
MBA
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Age of Empires Gold
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Monarch - The Butterfly King
Mozilla Firefox (2.0.0.16)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML4 Parser
MySpaceIM
Mystery Legends - Sleepy Hollow
Mystic Diary - Lost Brother 1.00
Nero 7 Premium
NVIDIA Drivers
Okoker Audio Factory 2.2
OpenAL
Panda ActiveScan
Philips Device Manager
PowerArchiver 2007
Puzzle Quest
QuickTime
Ranch Rush
RealArcade
RealPlayer
Realtek AC'97 Audio
Romance of Rome 1.00
Roxio Content 9
SanDisk ImageMate Reader/Writer
Sandlot Games Client Services 1.2.2
Sansa Updater
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
She is a Shadow
Slingo Quest Hawaii
The Great Chocolate Chase
The Magicians Handbook II
The Mysterious City - Golden Prague 1.0
The Mystery Of The Crystal Portal
The Race
Tradewinds Caravans
Treasure Masters
Treasures Of The Ancient Cavern
Tropicabana
TTS Wrapper
Tumblebugs 2
Turbo Lister 2
Ulead VideoStudio 11
UltraISO Premium V8.61
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Vampire Saga Pandoras Box 1.00
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Virtual City
Virtual Farm
War Chess
Wild West Quest
Winamp (remove only)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Mobile Device Handbook
Windows XP Service Pack 3
WinRAR archiver
Wireless Keyboard & Mouse Driver
Wonderburg 1.0.0.0
Wondershare DVD Slideshow Builder 3.1.0
World Mosaics
Xilisoft Video Converter 3
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
Yummy Drink Factory
Zen Fashion
Zulu's Zoo 1.00


Re: Antivirus Pro 2010 Help please

Post by Belahzur on 27th September 2009, 9:18 pm

I see that you are running LimeWire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    CouponBar
    Java(TM) 6 Update 15
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    LimeWire PRO 4.13.0
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :files
    c:\program files\Coupons
    c:\windows\system32\drivers\dahf818.sys
    c:\program files\LimeWire
    c:\documents and settings\Name\Application Data\LimeWire
    c:\documents and settings\All Users\Application Data\LimeWire
    c:\program files\Viewpoint
    c:\documents and settings\Name\Application Data\Viewpoint
    c:\documents and settings\All Users\Application Data\Viewpoint

    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: Antivirus Pro 2010 Help please

Post by damina on 27th September 2009, 9:55 pm

OT log:
========== FILES ==========
c:\program files\Coupons\Uninstall moved successfully.
c:\program files\Coupons moved successfully.
c:\windows\system32\drivers\dahf818.sys moved successfully.
c:\program files\LimeWire\root\magnet10 moved successfully.
c:\program files\LimeWire\root moved successfully.
c:\program files\LimeWire\.NetworkShare moved successfully.
c:\program files\LimeWire moved successfully.
c:\documents and settings\Name\Application Data\LimeWire\xml\schemas moved successfully.
c:\documents and settings\Name\Application Data\LimeWire\xml\misc moved successfully.
c:\documents and settings\Name\Application Data\LimeWire\xml\data moved successfully.
c:\documents and settings\Name\Application Data\LimeWire\xml moved successfully.
c:\documents and settings\Name\Application Data\LimeWire\themes\limewirePro_theme moved successfully.
c:\documents and settings\Name\Application Data\LimeWire\themes moved successfully.
c:\documents and settings\Name\Application Data\LimeWire\.NetworkShare\Incomplete moved successfully.
c:\documents and settings\Name\Application Data\LimeWire\.NetworkShare moved successfully.
c:\documents and settings\Name\Application Data\LimeWire moved successfully.
File/Folder c:\documents and settings\All Users\Application Data\LimeWire not found.
c:\program files\Viewpoint\Viewpoint Toolbar moved successfully.
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents moved successfully.
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\VMgr_Win moved successfully.
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\AxMetaStream_Win moved successfully.
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents moved successfully.
c:\program files\Viewpoint\Viewpoint Media Player\Components moved successfully.
c:\program files\Viewpoint\Viewpoint Media Player moved successfully.
c:\program files\Viewpoint moved successfully.
c:\documents and settings\Name\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 moved successfully.
c:\documents and settings\Name\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 moved successfully.
c:\documents and settings\Name\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 moved successfully.
c:\documents and settings\Name\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 moved successfully.
c:\documents and settings\Name\Application Data\Viewpoint\Viewpoint Media Player\Resources moved successfully.
c:\documents and settings\Name\Application Data\Viewpoint\Viewpoint Media Player moved successfully.
c:\documents and settings\Name\Application Data\Viewpoint moved successfully.
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar moved successfully.
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus moved successfully.
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9 moved successfully.
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell moved successfully.
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 moved successfully.
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 moved successfully.
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 moved successfully.
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 moved successfully.
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources moved successfully.
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player moved successfully.
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime moved successfully.
c:\documents and settings\All Users\Application Data\Viewpoint\AxMetaStream_Win moved successfully.
c:\documents and settings\All Users\Application Data\Viewpoint moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\ deleted successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 09272009_165240

damina
Novice
Posts: 9 | Joined: 2009-09-27 | OS: win xp | Points: 26321 | Likes: 0

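The OTM log above is a plain line-oriented format: one line per file or folder with the outcome, then a registry section. As an added example (not part of this thread and not OldTimer's own code), here is a small Python parser that summarises such a log, separating what was moved, what was not found and which registry keys were deleted, so a helper can check the result of a cleanup at a glance rather than reading every line. The sample log embedded below is constructed from the shapes of the lines posted above, and the three line patterns it recognises are the only ones visible in that log.

```python
"""Parse an OTM (OTMoveIt) results log and summarise what was actually moved.

Added example, not part of the forum thread or of OldTimer's OTM tool.
The parser only recognises the line shapes visible in the posted log:
"<path> moved successfully.", "File/Folder <path> not found." and
"Registry key <key> deleted successfully."
"""
import re
from collections import defaultdict

# Constructed sample log, modelled on the shape of the OTM output above
# (shortened; the paths are illustrative, not a claim about any machine).
SAMPLE_LOG = """\
========== FILES ==========
c:\\program files\\Coupons\\Uninstall moved successfully.
c:\\program files\\Coupons moved successfully.
c:\\windows\\system32\\drivers\\dahf818.sys moved successfully.
File/Folder c:\\documents and settings\\All Users\\Application Data\\LimeWire not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\policies\\explorer\\ deleted successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 09272009_165240
"""

MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
NOT_FOUND_RE = re.compile(r"^File/Folder (?P<path>.+?) not found\.$")
REG_DELETED_RE = re.compile(r"^Registry key (?P<key>.+?) deleted successfully\.$")
SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")


def parse_otm_log(text):
    """Return a dict with lists under 'moved', 'not_found', 'registry_deleted'
    and, if anything unexpected appears, 'unrecognised'.

    Lines are classified by exact shape; anything that is not a section header,
    a blank line or the trailing version stamp and matches no pattern is kept
    under 'unrecognised' so unexpected tool output is never silently dropped.
    """
    result = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("OTM by OldTimer"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if (m := MOVED_RE.match(line)):
            result["moved"].append(m.group("path"))
        elif (m := NOT_FOUND_RE.match(line)):
            result["not_found"].append(m.group("path"))
        elif (m := REG_DELETED_RE.match(line)):
            result["registry_deleted"].append(m.group("key"))
        else:
            result["unrecognised"].append((section, line))
    return dict(result)


def driver_files_moved(parsed):
    """Moved .sys files under a drivers directory: a kernel driver pulled from
    system32\\drivers is the kind of entry worth re-checking after the reboot."""
    return [
        p for p in parsed.get("moved", [])
        if "\\drivers\\" in p.lower() and p.lower().endswith(".sys")
    ]


if __name__ == "__main__":
    summary = parse_otm_log(SAMPLE_LOG)
    for kind, items in summary.items():
        print(f"{kind}: {len(items)}")
    print("driver files moved:", driver_files_moved(summary))
```

Run it against a saved OTM log by replacing SAMPLE_LOG with the file contents; a non-empty `not_found` list is normal when the script listed items that had already been removed by an earlier tool (as with the LimeWire folder above), while anything under `unrecognised` means the tool printed a line shape this parser has not seen and should be read by hand.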

Re: Antivirus Pro 2010 Help please

Post by damina on 27th September 2009, 10:15 pm

My AVG resident shield just popped up with this alert:
Threat Detected!
c:\System Volume Information\_restore{44FE438B-8F9A-44BA-AF06-567AEA39E01D}\RP1\A0000040.EXE
Trojan horse Generic 14.BISS
Detected on open.
Do I heal, move to vault or ignore?

damina
Novice
Posts: 9 | Joined: 2009-09-27 | OS: win xp | Points: 26321 | Likes: 0


Re: Antivirus Pro 2010 Help please

Post by damina on 27th September 2009, 11:00 pm

It came up with 2 with the same file names; attempted to remove them, couldn't; attempted to move them to the vault and only one moved, the other says some files cannot be moved, specified file cannot be found.

I am running out for a bit, will check when I get back.

thank you again you are a wonderful person to help out like this!!!!

damina
Novice
Posts: 9 | Joined: 2009-09-27 | OS: win xp | Points: 26321 | Likes: 0


Re: Antivirus Pro 2010 Help please

Post by Belahzur on 27th September 2009, 11:47 pm

Hello.
System Volume Information is just system restore, we'll reset that now.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?




Belahzur
Administrator
Posts: 34918 | Joined: 2008-08-03 | Gender: Male | OS: 7 Home Premium x64 | Points: 245111 | Likes: 1


Re: Antivirus Pro 2010 Help please

Post by damina on 28th September 2009, 1:38 am

Just got back, ran the ComboFix /u, it uninstalled, comp rebooted and I got a box popup that said 'The security information is invalid or had been modified. This program will be terminated.' The box on the task bar has the icon for the Antivirus Pro. That's the only thing left now. All the icons that were in the bar by the clock are gone and no other popups. Other than that everything seems to be running great!!!

Thank you again!!! Thank You!

damina
Novice
Posts: 9 | Joined: 2009-09-27 | OS: win xp | Points: 26321 | Likes: 0
