Norman Malware Cleaner "Removal"


Post by Dino37 on Wed Oct 28, 2009 8:49 pm

I downloaded and ran Norman Malware Cleaner; it found W32/AskBar.E. Once my computer rebooted, I can no longer access OR delete Norman Malware Cleaner.
Whatever I was infected with prevented me from using other virus/trojan cleaners, even my McAfee program. I finally used Avast and Spyware Doctor to remove the infections, I HOPE!
Please, any help would be great!
Dino..



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:57 PM, on 10/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
D:\comboFIX\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.19\AMVConverter\grab.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: Web-Based Email Tools - [You must be registered and logged in to see this link.]
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0014101256703761) (0014101256703761mcinstcleanup) - Unknown owner - C:\DOCUME~1\Dino\LOCALS~1\Temp\001410~1.EXE (file missing)
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Google Update Service (gupdate1c9d33e63083e4c) (gupdate1c9d33e63083e4c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 8559 bytes

Dino37
Novice

Posts: 10
Joined: 2009-10-28
Gender: Male
OS: XP Pro Sp2 AMD Sempron 2400+ 1.66GHz
Points: 25966
Likes: 0


Post by Belahzur on Wed Oct 28, 2009 9:39 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245059
Likes: 1


Post by Dino37 on Wed Oct 28, 2009 11:10 pm

First of all I wanna say Thank You!!
Here's the log file below..

Malwarebytes' Anti-Malware 1.41
Database version: 3049
Windows 5.1.2600 Service Pack 2

10/28/2009 5:02:44 PM
mbam-log-2009-10-28 (17-02-44).txt

Scan type: Quick Scan
Objects scanned: 100805
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\addins\addins (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.


Post by Belahzur on Thu Oct 29, 2009 12:27 am

Let's go a bit deeper, see if we find anything.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.



Post by Dino37 on Thu Oct 29, 2009 1:11 am

Sounds Good! & Thank You!

LOG#1


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/29/2009 10:23:03 AM
System Uptime: 10/28/2009 6:48:05 PM (1 hours ago)

Motherboard: | | 741GX-M2
Processor: AMD Sempron(tm) 2400+ | Socket A | 1663/166mhz

==== Disk Partitions =========================

A: is Removable
C: is fixed (NTFS) - 37 GiB total, 27.743 GiB free.
D: is fixed (FAT32) - 16 GiB total, 5.367 GiB free.
E: is fixed (FAT32) - 16 GiB total, 5.311 GiB free.
F: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 10/28/2009 5:02:44 PM - System Checkpoint

==== Installed Programs ======================

2Wire Wireless Client
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
Anim-FX
Apple Software Update
ArcSoft PhotoStudio 5.5
AT&T Yahoo! Messenger
Browser Defender 2.0.6.10
Canon CanoScan Toolbox 4.5
Canon i250
CCScore
Creative WebCam Center
Creative WebCam Live! Pro Driver (1.01.01.1011)
Desktop Notifier
DFX for Winamp
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSTOOLS
essvatgt
Eye Candy 4000
fflink
Flash Movie Player 1.4
Get Yahoo! Messenger
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB943232)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB954708)
Ipswitch WS_FTP Pro
Jasc Paint Shop Pro 8
Java(TM) 6 Update 16
Junk Mail filter update
Kodak EasyShare software
LimeWire 5.3.6
Malwarebytes' Anti-Malware
McAfee SecurityCenter
McAfee Virtual Technician
MediaRing Talk
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WinUsb 1.0
mIRC
Mozilla Firefox (3.5.3)
MP3 CD Extractor 1.06
MP3 Player Utilities 4.19
MSVCRT
MyProfessionalBusinessCards
netbrdg
Newsflash
NTI CD-Maker
NTI CD-Maker 6 Platinum
NVIDIA Drivers
OfotoXMI
OmniPage SE 2.0
Opera 9.64
Paint Shop Pro 7
QuickTime
Segoe UI
SFR
SHASTA
skin0001
SKINXSDK
Skype web features
Skype™ 4.1
SmartDraw Photo
Sound Blaster PCI128 Drivers
Spell Checker For OE 2.1
Spybot - Search & Destroy
Spyware Doctor 7.0
staticcr
SWF 'n Slide
tooltips
Ulead Animation.Applet 2.0 Trial
USB EHCI Driver
VC 9.0 Runtime
VPRINTOL
Web Page Maker V3.12
WebFldrs XP
Winamp (remove only)
Window Washer
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows XP Service Pack 2
WinRAR archiver
WIRELESS
Xara3D 5
YouTube Downloader 2.5.2
ZoneAlarm Spy Blocker Toolbar

==== End Of File ===========================


Post by Dino37 on Thu Oct 29, 2009 1:12 am

LOG#2


DDS (Ver_09-10-26.01) - NTFSx86
Run by Dino at 18:59:36.64 on Wed 10/28/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1151.742 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Dino\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~2\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ws_ftp pro\wsbho2K0.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.19\amvconverter\grab.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~2\SDHelper.dll
Trusted Zone: aol.com\free
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Web-Based Email Tools - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - [You must be registered and logged in to see this link.]
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dino\applic~1\mozilla\firefox\profiles\efbkajwa.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-26 207280]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-4-29 464264]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-10-26 112592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-27 203280]
S2 0014101256703761mcinstcleanup;McAfee Application Installer Cleanup (0014101256703761);c:\docume~1\dino\locals~1\temp\001410~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\dino\locals~1\temp\001410~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9d33e63083e4c;Google Update Service (gupdate1c9d33e63083e4c);c:\program files\google\update\GoogleUpdate.exe [2009-5-12 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-26 358600]

=============== Created Last 30 ================

2009-10-28 22:54:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 22:54:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 22:54:32 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 17:47:31 0 d-sha-r- C:\cmdcons
2009-10-28 17:45:58 98816 ----a-w- c:\windows\sed.exe
2009-10-28 17:45:58 77312 ----a-w- c:\windows\MBR.exe
2009-10-28 17:45:58 236544 ----a-w- c:\windows\PEV.exe
2009-10-28 17:45:58 161792 ----a-w- c:\windows\SWREG.exe
2009-10-28 14:51:50 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-28 04:27:55 8721 ----a-w- c:\windows\system32\Config.MPF
2009-10-28 04:22:55 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-28 04:22:55 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-28 04:22:55 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-28 04:22:50 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-28 04:21:57 0 d-----w- c:\program files\common files\McAfee
2009-10-28 04:21:55 0 d-----w- c:\program files\McAfee.com
2009-10-28 04:21:47 0 d-----w- c:\program files\McAfee
2009-10-28 04:18:25 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-28 00:09:44 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-10-27 22:48:13 27496 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-10-27 22:48:13 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-27 22:48:13 208744 ----a-w- c:\windows\system32\muweb.dll
2009-10-27 21:32:27 0 d-----w- c:\windows\McAfee.com
2009-10-26 22:39:24 883 ----a-w- c:\windows\RegSDImport.xml
2009-10-26 22:39:24 767952 ----a-w- c:\windows\BDTSupport.dll
2009-10-26 22:39:23 880 ----a-w- c:\windows\RegISSImport.xml
2009-10-26 22:39:23 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-10-26 22:39:23 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-10-26 22:39:23 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-10-26 22:39:23 131 ----a-w- c:\windows\IDB.zip
2009-10-26 22:39:23 1152470 ----a-w- c:\windows\UDB.zip
2009-10-26 22:36:07 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-10-26 22:36:07 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-26 22:35:59 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-26 22:35:59 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-10-26 22:35:59 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-10-26 22:35:59 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-26 22:35:48 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-10-26 22:35:48 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-26 22:35:32 0 d-----w- c:\program files\common files\PC Tools
2009-10-26 22:35:31 0 d-----w- c:\program files\Spyware Doctor
2009-10-26 22:35:31 0 d-----w- c:\docume~1\dino\applic~1\PC Tools
2009-10-26 22:35:31 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-10-26 19:18:02 118784 ----a-w- c:\windows\GREUninstall.exe
2009-10-26 19:17:56 4387 ----a-w- c:\windows\mozver.dat
2009-10-23 04:29:44 0 d-----w- c:\program files\slideshow
2009-10-18 18:13:24 0 d-----w- C:\OutputFolder
2009-10-18 18:11:19 28672 ----a-w- c:\windows\system32\AVEQT.dll
2009-10-18 18:02:36 0 d-----w- c:\docume~1\dino\applic~1\AVS4YOU
2009-10-18 18:02:33 0 d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-10-18 18:01:31 0 d-----w- c:\program files\common files\AVSMedia
2009-10-18 18:01:25 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-10-18 18:01:25 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-10-18 18:01:25 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-10-18 18:01:24 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-10-18 18:01:24 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2009-10-18 18:01:24 0 d-----w- c:\program files\AVS4YOU
2009-10-16 23:05:15 0 d-----w- c:\program files\YouTube Downloader
2009-10-05 23:45:27 0 d-----w- c:\docume~1\dino\applic~1\MRTalk
2009-10-05 23:45:10 0 d-----w- c:\program files\MediaRing
2009-09-30 21:57:34 0 d-----w- c:\program files\LimeWire
2009-09-30 21:54:54 0 d-----w- c:\documents and settings\dino\.limewire

==================== Find3M ====================

2009-09-16 16:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-31 20:23:10 411368 ----a-w- c:\windows\system32\deploytk.dll

============= FINISH: 19:00:25.34 ===============


Post by Dino37 on Thu Oct 29, 2009 5:44 pm

Am I still infected with something???
Ready when you are!
Again Thank You for Helping!


Hello. Please be patient, as we do this service for free. Sometimes life, family, sickness, etc. are first priorities. Instead of sending a PM, please wait for a reply. If none received in two days, then please see [You must be registered and logged in to see this link.], and we will draw attention to it, or you may reply in your topic (after waiting two days) with the word "bump". We know you need help, but we try to have one helper per user that needs help. This prevents confusion.
~ DragonMaster Jay


Post by Dino37 on Sat Oct 31, 2009 5:04 pm

bump


Post by Belahzur on Sat Oct 31, 2009 8:09 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask Toolbar
    Limewire

How is the machine running now?



Post by Dino37 on Sat Oct 31, 2009 8:40 pm

I removed Lime Wire yesterday because of something I read here. I can't find
the Ask Toolbar in Add/Remove Programs; is there another way I can remove it?
My PC is much faster but my Outlook loads really slow.
Thank you so much for all of your help!
I'll check back for info on removing the Ask Toolbar.


Post by Dino37 on Sun Nov 01, 2009 4:26 pm

I ran a scan with Spyware Doctor and it said I was infected with trojan.generic and a bunch of viruses.
I have not downloaded anything or been any place on the net other than here and Facebook.. Is there any hope for my computer??
And I still can't remove Norman Malware Cleaner.
Any help would be greatly appreciated!


Post by Belahzur on Sun Nov 01, 2009 10:42 pm

Post a new Hijack This log please.

