Antivirus Live not removed by Malwarebytes' Anti-Malware?


Solved Antivirus Live not removed by Malwarebytes' Anti-Malware?

Post by shoulderhead on 6th January 2010, 12:12 am

Hello,

Very impressed by GeekPolice site. Total heroes.

Unfortunately, after following the instructions for removal of Antivirus Live, I find that it still exists on our desktop PC (Windows XP).
I went back into Safe Mode with networking and re-ran Malwarebytes' Anti-Malware and it informed me that there are no infections (The first time I ran it, it came up with 34 infections - which it then removed).

My active desktop has also been turned off. When I try to restore it, I get the warning message which asks me if I'd like to activate the Antivirus Live etc etc. I get this message when I try to open most applications.

Any suggestions or advice welcomed.

Thanks, sHd


Last edited by shoulderhead on 6th January 2010, 12:13 am; edited 1 time in total (Reason for editing : spelling)

shoulderhead
Novice

Posts : 9
Joined : 2010-01-05
Gender : Male
OS : Windows XP Mac OS X 10.5.8
Protection : AVG on XP - Nothing on Macbook
Points : 25423
# Likes : 0

Solved Re: Antivirus Live not removed by Malwarebytes' Anti-Malware?

Post by Belahzur on 6th January 2010, 12:44 am

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1

Solved Re: Antivirus Live not removed by Malwarebytes' Anti-Malware?

Post by shoulderhead on 6th January 2010, 2:25 am

Thanks for quick reply, Belahzur.
Have downloaded HijackThis - but having difficulty installing.

Cannot install in normal running mode (Antivirus Live warning message prevents) and in safe mode I am informed that the administrator has set policies which will not allow the install!

I will sort this out somehow and post back with log - but that will be in a few hours time as I must sleep and go to work (UK time).
Thanks again, sHd


Solved Re: Antivirus Live not removed by Malwarebytes' Anti-Malware?

Post by shoulderhead on 6th January 2010, 9:04 pm

Hello again,

Thanks for your patience, just back in from work.

Below is the HijackThis logfile for this PC.

Thanks again for your advice. sHd

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:04, on 06/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Date Army Wma Spam] C:\Documents and Settings\All Users\Application Data\Peak ooze date army\Default Defy.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EA Core] "F:\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [fsxkfbtp] C:\Documents and Settings\Owner\Local Settings\Application Data\euanqb\yghdsysguard.exe
O4 - HKCU\..\Run: [RecordNow!] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2752275559-3613656923-2493398508-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} (GrafixViewControl) - [You must be registered and logged in to see this link.]
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - [You must be registered and logged in to see this link.]
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - [You must be registered and logged in to see this link.]
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - [You must be registered and logged in to see this link.]
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Update Service (gupdate1c9897faa56cefc) (gupdate1c9897faa56cefc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - [You must be registered and logged in to see this link.]

--
End of file - 11460 bytes


Solved Re: Antivirus Live not removed by Malwarebytes' Anti-Malware?

Post by Belahzur on 6th January 2010, 10:01 pm

Hello.

Please disable Ad-Watch, as it may hinder the removal of some HijackThis entries. You can re-enable it after your computer is clean. Please see here for instructions on how to disable it:

1. Right-click on the Ad-Watch icon in the system tray (located down by the system clock for most configurations)
2. Choose *Settings* from the dropdown menu
3. Under the *General Settings* tab turn OFF (red x) the option to "Load Ad-Watch at Startup" (if enabled)

4. Click on the *Status* button in the left hand menu
5. Turn OFF (red x) the option for *Regshield*
6. Close that window, then right-click on the Ad-Watch icon shield again down in the system tray next to the clock.
7. Choose *Turn off Ad-Watch* from the drop menu

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O4 - HKLM\..\Run: [Date Army Wma Spam] C:\Documents and Settings\All Users\Application Data\Peak ooze date army\Default Defy.exe
    O4 - HKCU\..\Run: [fsxkfbtp] C:\Documents and Settings\Owner\Local Settings\Application Data\euanqb\yghdsysguard.exe



  • Press "Fix Checked"
  • Close Hijack This.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



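Added example, not part of the original thread: a small triage script that applies three heuristics to HijackThis log lines and, on the subset of this thread's log embedded below, flags the same five entries that were selected for "Fix Checked" in the reply above. The rule names, the path markers and the function names are assumptions made for this illustration; they are not HijackThis features.

```python
import re
from typing import List, NamedTuple

# Subset of the HijackThis log posted earlier in this thread (copied, not constructed).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Date Army Wma Spam] C:\Documents and Settings\All Users\Application Data\Peak ooze date army\Default Defy.exe
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "F:\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [fsxkfbtp] C:\Documents and Settings\Owner\Local Settings\Application Data\euanqb\yghdsysguard.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
"""


class Finding(NamedTuple):
    rule: str   # hypothetical rule name, chosen for this example
    line: str   # the log line exactly as it would be ticked in HijackThis


ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
REG_VALUE_RE = re.compile(r"^(?P<key>.+),(?P<name>[^,=]+?) =\s*(?P<data>.*)$")
RUN_RE = re.compile(r"^HK\S+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BINARY_RE = re.compile(r"(.+?\.(?:exe|com|scr|pif|bat|cmd|dll))(?=[\s,]|$)", re.I)

# Assumption: on the Windows XP profile layout seen in this log, autoruns that
# live in per-user or All Users data folders deserve a closer look.
USER_WRITABLE = ("\\application data\\", "\\applic~1\\",
                 "\\local settings\\", "\\locals~1\\")


def is_loopback_proxy(data: str) -> bool:
    """True if any proxy in a ProxyServer value points at this machine."""
    for part in data.split(";"):                      # "http=h:p;https=h:p"
        hostport = part.split("=", 1)[-1].strip()     # drop "http=" if present
        host = hostport.rsplit(":", 1)[0].lower()
        if host == "localhost" or host.startswith("127."):
            return True
    return False


def launched_binary(cmd: str) -> str:
    """Return the file an autorun command loads, ignoring its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        binary, rest = (cmd[1:end], cmd[end + 1:]) if end != -1 else (cmd[1:], "")
    else:
        # Unquoted paths may contain spaces: cut at the first known extension.
        m = BINARY_RE.match(cmd)
        binary = m.group(1) if m else cmd
        rest = cmd[len(binary):]
    # rundll32 is only a host; the DLL it is asked to load is what matters.
    if binary.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and rest.strip():
        return launched_binary(rest)
    return binary


def triage(log: str) -> List[Finding]:
    """Flag log lines that match one of the three heuristics."""
    findings = []
    for raw in log.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue
        line, code, body = entry.group(0), entry.group("code"), entry.group("body")
        if code in ("R0", "R1"):
            reg = REG_VALUE_RE.match(body)
            if not reg:
                continue
            if reg.group("name") == "ProxyServer" and is_loopback_proxy(reg.group("data")):
                findings.append(Finding("loopback-proxy", line))
            elif reg.group("key").endswith("\\Search") and not reg.group("data"):
                findings.append(Finding("empty-ie-search-value", line))
        elif code == "O4":
            run = RUN_RE.match(body)
            if run:
                target = launched_binary(run.group("cmd")).lower()
                if any(marker in target for marker in USER_WRITABLE):
                    findings.append(Finding("autorun-from-profile-data", line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.rule}] {finding.line}")
```

The BVRPLiveUpdate entry is the edge case worth noting: its arguments mention an All Users data path, but the binary itself is under Program Files, so it is not flagged.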
Solved Re: Antivirus Live not removed by Malwarebytes' Anti-Malware?

Post by shoulderhead on 6th January 2010, 11:22 pm

Fantastic, Belahzur, I think you've fixed it.

Wary about speaking too soon, but all seems to be working well at the moment.

Here's the MBAM log:

Malwarebytes' Anti-Malware 1.43
Database version: 3504
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

06/01/2010 23:10:22
mbam-log-2010-01-06 (23-10-22).txt

Scan type: Quick Scan
Objects scanned: 139098
Time elapsed: 8 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MPKZQJQR\dfghfghgfj[1].dll (Trojan.NHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YR4N69YH\SetupIS2010[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\flags.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uses32.dat (Malware.Trace) -> Quarantined and deleted successfully.


Solved Re: Antivirus Live not removed by Malwarebytes' Anti-Malware?

Post by Belahzur on 6th January 2010, 11:27 pm

Download [You must be registered and logged in to see this link.]

Double-click Lop S&D.exe
Choose the language, then choose Option 2 (Fix + Hosts)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)



Solved Re: Antivirus Live not removed by Malwarebytes' Anti-Malware?

Post by shoulderhead on 7th January 2010, 12:00 am

Thanks again.
Still running well.
Here's the Lop S&D log:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.5 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:107 Go (Free:30 Go)
D:\ (Local Disk) - FAT32 - Total:3 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:153 Go (Free:90 Go)
G:\ (USB) - FAT32 - Total:3854 Mo (Free:2 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 06/01/2010|23:44 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\Owner\LOCALS~1\Temp\nsk46.tmp
Deleted! - C:\DOCUME~1\Owner\Cookies\owner@ads.adultadvertising[2].txt
Deleted! - C:\DOCUME~1\Owner\Cookies\owner@advertisingarchives.co[1].txt
Deleted! - C:\DOCUME~1\Owner\Cookies\owner@advertising[2].txt
Deleted! - C:\Program Files\Circle Developement
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[05/01/2010|22:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[20/11/2007|18:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[01/01/2004|23:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[02/01/2004|00:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intervideo
[17/05/2009|11:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[05/01/2010|22:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[06/01/2010|20:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[05/01/2010|21:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[02/01/2004|01:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
[01/01/2004|23:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[02/01/2004|06:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[23/03/2009|14:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[19/06/2009|17:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[02/03/2007|14:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[01/08/2008|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOPSettings
[03/07/2007|15:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[14/10/2006|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[29/07/2009|08:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar
[08/02/2009|08:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[13/07/2008|20:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[06/02/2009|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[28/08/2008|01:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Channel4
[07/06/2009|19:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Electronic Arts
[11/11/2005|17:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Final Draft
[15/09/2006|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[17/01/2009|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[21/10/2009|16:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[28/03/2009|16:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HPSSUPPLY
[02/01/2004|00:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
[06/01/2010|23:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
[19/06/2009|17:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[05/01/2010|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[28/07/2009|14:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[12/12/2007|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[20/12/2009|19:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[20/11/2004|21:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Minnetonka Audio Software
[02/01/2004|01:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[28/12/2004|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[29/04/2007|22:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
[13/03/2005|16:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NFS Underground
[27/04/2007|22:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[20/10/2007|18:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[26/04/2007|18:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
[26/04/2007|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle Studio
[16/09/2004|13:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[01/01/2004|23:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[16/03/2009|01:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[25/04/2007|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
[06/02/2009|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
[07/01/2006|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[06/02/2009|20:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[18/03/2008|11:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[20/10/2008|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[02/03/2007|14:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
[17/01/2009|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
[31/07/2005|21:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[31/01/2007|17:25] C:\DOCUME~1\APPLIC~1\APPLIC~1\Microsoft

[20/11/2007|18:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[01/01/2004|23:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[02/01/2004|00:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intervideo
[17/05/2009|11:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[02/01/2004|01:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[02/01/2004|01:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[01/01/2004|23:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[02/01/2004|06:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[30/06/2009|11:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVGTOOLBAR
[20/10/2008|19:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[20/10/2008|19:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[20/09/2005|16:59] C:\DOCUME~1\Owner\APPLIC~1\.bittorrent
[24/11/2009|14:56] C:\DOCUME~1\Owner\APPLIC~1\Adobe
[02/03/2007|14:26] C:\DOCUME~1\Owner\APPLIC~1\AdobeAUM
[20/11/2009|20:36] C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
[07/09/2007|19:57] C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
[27/03/2005|12:20] C:\DOCUME~1\Owner\APPLIC~1\ArcSoft
[20/10/2008|20:40] C:\DOCUME~1\Owner\APPLIC~1\AVGTOOLBAR
[13/07/2008|20:44] C:\DOCUME~1\Owner\APPLIC~1\AVS4YOU
[06/07/2008|21:28] C:\DOCUME~1\Owner\APPLIC~1\CoSoSys
[11/06/2005|01:37] C:\DOCUME~1\Owner\APPLIC~1\Creative
[11/11/2005|17:22] C:\DOCUME~1\Owner\APPLIC~1\Final Draft
[15/09/2006|14:00] C:\DOCUME~1\Owner\APPLIC~1\Google
[13/03/2008|21:39] C:\DOCUME~1\Owner\APPLIC~1\great manager
[20/01/2007|15:51] C:\DOCUME~1\Owner\APPLIC~1\Help
[28/03/2009|16:54] C:\DOCUME~1\Owner\APPLIC~1\HP
[17/01/2009|22:41] C:\DOCUME~1\Owner\APPLIC~1\HPAppData
[01/01/2004|23:00] C:\DOCUME~1\Owner\APPLIC~1\Identities
[06/03/2007|19:45] C:\DOCUME~1\Owner\APPLIC~1\IMVU
[29/04/2007|22:23] C:\DOCUME~1\Owner\APPLIC~1\InstallShield
[10/10/2004|11:52] C:\DOCUME~1\Owner\APPLIC~1\Intervideo
[26/08/2004|22:08] C:\DOCUME~1\Owner\APPLIC~1\Kazaa Lite
[06/06/2005|22:59] C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
[04/11/2004|13:14] C:\DOCUME~1\Owner\APPLIC~1\Leadertech
[25/08/2004|16:42] C:\DOCUME~1\Owner\APPLIC~1\Macromedia
[05/01/2010|22:54] C:\DOCUME~1\Owner\APPLIC~1\Malwarebytes
[06/01/2010|20:52] C:\DOCUME~1\Owner\APPLIC~1\Microsoft
[21/10/2004|10:42] C:\DOCUME~1\Owner\APPLIC~1\Motive
[26/08/2008|19:38] C:\DOCUME~1\Owner\APPLIC~1\Mozilla
[12/09/2006|02:36] C:\DOCUME~1\Owner\APPLIC~1\MSN6
[31/01/2007|17:25] C:\DOCUME~1\Owner\APPLIC~1\MySpace
[27/04/2007|21:07] C:\DOCUME~1\Owner\APPLIC~1\Pinnacle Systems
[14/03/2005|01:35] C:\DOCUME~1\Owner\APPLIC~1\Real
[29/06/2005|14:45] C:\DOCUME~1\Owner\APPLIC~1\Red Chair Software
[18/02/2006|14:54] C:\DOCUME~1\Owner\APPLIC~1\Roxio
[02/01/2004|01:15] C:\DOCUME~1\Owner\APPLIC~1\SampleView
[05/10/2008|15:57] C:\DOCUME~1\Owner\APPLIC~1\Samsung
[05/01/2010|21:25] C:\DOCUME~1\Owner\APPLIC~1\Skype
[07/12/2004|15:50] C:\DOCUME~1\Owner\APPLIC~1\Sonic
[06/02/2009|21:17] C:\DOCUME~1\Owner\APPLIC~1\Sony
[07/01/2006|19:53] C:\DOCUME~1\Owner\APPLIC~1\Sony Corporation
[02/03/2007|14:20] C:\DOCUME~1\Owner\APPLIC~1\Sony Ericsson
[22/12/2009|14:32] C:\DOCUME~1\Owner\APPLIC~1\Spotify
[01/01/2004|23:32] C:\DOCUME~1\Owner\APPLIC~1\Sun
[01/08/2008|15:05] C:\DOCUME~1\Owner\APPLIC~1\Symantec
[02/03/2007|14:20] C:\DOCUME~1\Owner\APPLIC~1\Teleca
[27/08/2004|23:32] C:\DOCUME~1\Owner\APPLIC~1\Template
[14/09/2007|00:37] C:\DOCUME~1\Owner\APPLIC~1\Uniblue
[23/03/2006|19:58] C:\DOCUME~1\Owner\APPLIC~1\Yahoo!

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[06/01/2010 23:24][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[06/01/2010 23:24][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[01/01/2010 18:07][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[31/12/2009 13:57][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[12/02/2004 01:29][-rah-c---] C:\WINDOWS\tasks\desktop.ini
[06/01/2010 23:12][--ah-----] C:\WINDOWS\tasks\SA.DAT

--------------------\\ Listing Folders in C:\Program Files

[03/01/2005|16:33] C:\Program Files\42 Bit Scanner
[07/05/2007|22:56] C:\Program Files\Adobe
[26/04/2007|18:46] C:\Program Files\AdorageI-GfxDatas
[26/04/2007|18:44] C:\Program Files\AdorageI-SAL
[29/08/2006|16:12] C:\Program Files\Advanced GIF Animator
[23/03/2009|17:18] C:\Program Files\Apple Software Update
[27/03/2005|12:08] C:\Program Files\ArcSoft
[10/03/2009|10:11] C:\Program Files\Avanquest update
[20/10/2008|20:00] C:\Program Files\AVG
[04/04/2006|17:26] C:\Program Files\Avid
[15/07/2008|23:31] C:\Program Files\AviSynth 2.5
[15/07/2008|23:26] C:\Program Files\AVS4YOU
[22/12/2004|23:52] C:\Program Files\Belarc
[20/09/2005|16:58] C:\Program Files\BitTorrent
[23/03/2009|14:07] C:\Program Files\Bonjour
[13/11/2007|16:54] C:\Program Files\Browser MOUSE
[10/11/2004|01:47] C:\Program Files\BullsEye Network(2)
[10/11/2004|01:32] C:\Program Files\BullsEye Network(3)
[10/11/2004|01:49] C:\Program Files\CDex_150
[28/08/2008|01:27] C:\Program Files\Channel4
[20/08/2007|11:50] C:\Program Files\CloneDVD
[21/09/2009|19:00] C:\Program Files\Common Files
[11/06/2005|13:40] C:\Program Files\Creative
[21/01/2005|20:33] C:\Program Files\Digital Photo Navigator 1.0
[04/11/2007|19:30] C:\Program Files\DivX
[07/03/2005|16:31] C:\Program Files\Dvd-to-mpeg
[05/07/2005|15:18] C:\Program Files\Easy Internet signup
[07/06/2009|19:22] C:\Program Files\Electronic Arts
[19/06/2005|21:08] C:\Program Files\ERUNT
[13/11/2005|21:55] C:\Program Files\Final Draft 7
[13/11/2005|21:55] C:\Program Files\Final Draft Tagger
[03/11/2006|18:48] C:\Program Files\Fmusic
[27/12/2009|18:26] C:\Program Files\Google
[02/01/2008|23:39] C:\Program Files\great manager
[17/01/2009|22:40] C:\Program Files\Hewlett-Packard
[28/03/2009|16:31] C:\Program Files\HP
[17/07/2006|19:01] C:\Program Files\IconEdit32
[07/06/2009|18:55] C:\Program Files\InstallShield Installation Information
[22/10/2008|11:33] C:\Program Files\InterMute
[19/12/2009|04:20] C:\Program Files\Internet Explorer
[13/11/2007|16:54] C:\Program Files\InterVideo
[23/03/2009|14:08] C:\Program Files\iPod
[30/05/2007|13:48] C:\Program Files\IrfanView
[23/03/2009|14:08] C:\Program Files\iTunes
[23/11/2009|15:50] C:\Program Files\Java
[28/08/2008|01:27] C:\Program Files\Kontiki
[21/12/2004|21:23] C:\Program Files\Lavalys
[19/06/2009|17:04] C:\Program Files\Lavasoft
[13/11/2007|16:54] C:\Program Files\LizardTech
[04/11/2004|18:19] C:\Program Files\Logitech
[05/01/2010|22:39] C:\Program Files\Malwarebytes' Anti-Malware
[13/09/2008|11:16] C:\Program Files\Messenger
[02/01/2008|23:38] C:\Program Files\Messenger Plus! Live
[25/02/2006|12:50] C:\Program Files\MFInstall
[21/09/2009|19:03] C:\Program Files\Microsoft
[10/11/2004|01:49] C:\Program Files\Microsoft ActiveSync
[09/05/2007|02:03] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[01/01/2004|23:00] C:\Program Files\microsoft frontpage
[06/01/2009|16:46] C:\Program Files\Microsoft Office
[05/10/2009|11:14] C:\Program Files\Microsoft Silverlight
[26/04/2007|18:27] C:\Program Files\Microsoft SQL Server
[09/09/2004|12:46] C:\Program Files\Microsoft Works
[07/06/2009|19:22] C:\Program Files\Microsoft WSE
[13/11/2007|16:54] C:\Program Files\Motive
[13/09/2008|11:08] C:\Program Files\Movie Maker
[06/01/2010|23:41] C:\Program Files\Mozilla Firefox
[03/08/2005|20:47] C:\Program Files\MP3 Player Utilities
[06/08/2009|22:22] C:\Program Files\MSBuild
[26/02/2009|21:23] C:\Program Files\MSECache
[14/09/2006|18:12] C:\Program Files\MSN
[01/01/2004|22:57] C:\Program Files\MSN Gaming Zone
[21/09/2009|19:04] C:\Program Files\MSN Messenger
[26/11/2008|04:09] C:\Program Files\MSXML 4.0
[21/01/2008|20:11] C:\Program Files\MySpace
[13/09/2008|11:04] C:\Program Files\NetMeeting
[20/10/2004|17:42] C:\Program Files\ntl
[16/11/2004|12:29] C:\Program Files\OfficeUpdate11
[02/01/2004|01:11] C:\Program Files\Online Services
[05/10/2009|01:15] C:\Program Files\Outlook Express
[21/03/2006|23:14] C:\Program Files\Paltalk Messenger
[02/01/2004|01:03] C:\Program Files\PC-Doctor for Windows
[29/07/2005|00:48] C:\Program Files\PCFriendly
[26/04/2007|18:30] C:\Program Files\Pinnacle
[13/11/2007|16:55] C:\Program Files\Presario PC Help
[26/04/2007|18:52] C:\Program Files\proDAD
[23/03/2009|14:06] C:\Program Files\QuickTime
[14/03/2005|01:32] C:\Program Files\Real
[04/11/2004|18:19] C:\Program Files\Reality Fusion
[19/10/2007|00:16] C:\Program Files\Realtek AC97
[25/08/2004|17:57] C:\Program Files\RecordNow!
[06/08/2009|22:22] C:\Program Files\Reference Assemblies
[18/08/2007|11:59] C:\Program Files\Samsung
[12/09/2004|22:01] C:\Program Files\ScanSoft
[21/10/2008|21:53] C:\Program Files\SDHelper (Spybot - Search & Destroy)
[16/03/2009|01:59] C:\Program Files\Skype
[25/11/2004|02:46] C:\Program Files\SmartSound Software
[25/08/2004|17:57] C:\Program Files\Sonic
[06/02/2009|21:14] C:\Program Files\Sony
[07/01/2006|19:30] C:\Program Files\Sony Corporation
[06/02/2009|21:14] C:\Program Files\Sony Ericsson
[06/02/2009|21:13] C:\Program Files\Sony Setup
[26/06/2009|15:21] C:\Program Files\Spotify
[22/10/2008|10:46] C:\Program Files\Spybot - Search & Destroy
[25/10/2004|17:37] C:\Program Files\TCWorks
[21/10/2008|21:53] C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[06/01/2010|20:54] C:\Program Files\Trend Micro
[02/01/2004|00:20] C:\Program Files\Uninstall Information
[12/09/2004|22:02] C:\Program Files\Visioneer
[10/11/2004|01:46] C:\Program Files\Web_Rebates(2)
[10/11/2004|01:32] C:\Program Files\Web_Rebates(3)
[06/11/2008|01:57] C:\Program Files\WinAVI MP4 Converter
[21/09/2009|19:03] C:\Program Files\Windows Live
[01/12/2008|22:33] C:\Program Files\Windows Live Safety Center
[21/09/2009|19:03] C:\Program Files\Windows Live SkyDrive
[14/01/2007|15:10] C:\Program Files\Windows Media Connect 2
[15/09/2008|10:18] C:\Program Files\Windows Media Player
[13/09/2008|11:04] C:\Program Files\Windows NT
[01/01/2004|23:00] C:\Program Files\xerox
[01/11/2008|14:54] C:\Program Files\XoftSpySE
[13/11/2007|16:55] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[25/10/2004|17:36] C:\Program Files\Common Files\Adobe
[23/03/2009|14:08] C:\Program Files\Common Files\Apple
[15/07/2008|23:26] C:\Program Files\Common Files\AVSMedia
[10/11/2004|01:49] C:\Program Files\Common Files\Designer
[13/03/2005|16:24] C:\Program Files\Common Files\DirectX
[17/01/2009|22:40] C:\Program Files\Common Files\Hewlett-Packard
[17/01/2009|22:40] C:\Program Files\Common Files\HP
[19/10/2004|01:00] C:\Program Files\Common Files\InstallShield
[01/01/2004|23:31] C:\Program Files\Common Files\Java
[08/11/2004|22:33] C:\Program Files\Common Files\L&H
[04/11/2004|18:18] C:\Program Files\Common Files\Logitech
[21/09/2009|19:03] C:\Program Files\Common Files\Microsoft Shared
[20/10/2004|17:45] C:\Program Files\Common Files\Motive
[01/01/2004|22:58] C:\Program Files\Common Files\MSSoap
[14/02/2008|03:01] C:\Program Files\Common Files\ODBC
[14/03/2005|01:33] C:\Program Files\Common Files\Real
[12/09/2004|22:01] C:\Program Files\Common Files\ScanSoft Shared
[26/08/2004|00:45] C:\Program Files\Common Files\Services
[25/08/2004|17:58] C:\Program Files\Common Files\Sonic
[06/02/2009|21:14] C:\Program Files\Common Files\Sony Shared
[01/01/2004|22:53] C:\Program Files\Common Files\SpeechEngines
[25/08/2004|17:57] C:\Program Files\Common Files\SureThing Shared
[20/10/2008|19:55] C:\Program Files\Common Files\Symantec Shared
[13/09/2008|11:04] C:\Program Files\Common Files\System
[17/09/2007|20:08] C:\Program Files\Common Files\Teleca Shared
[21/09/2009|19:00] C:\Program Files\Common Files\Windows Live
[13/11/2005|21:55] C:\Program Files\Common Files\Wise Installation Wizard
[14/03/2005|01:33] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 60 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-06 23:47:33
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwOpenKey, ZwQueryValueKey, ZwQueryDirectoryFile
scanning hidden processes ...
scanning hidden files ...
C:\WINDOWS\System32\kbdsock.dll 33280 bytes executable
C:\WINDOWS\System32\mshlps.dll 40448 bytes executable
scan completed successfully
hidden processes: 0
hidden files: 172

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-13df0326-294ab5cb.au
C:\DOCUME~1\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-13df0326-294ab5cb.idx
C:\DOCUME~1\Owner\Local Settings\Application Data\Microsoft\Messenger\vampires-will-hurt-you@hotmail.co.uk\Sharing Folders\btvsfifi_fiona@hotmail.co.uk\Photoshop bits\brushes\Loaded Brushes\crack_nosferabat.abr
C:\DOCUME~1\Owner\Local Settings\Application Data\Microsoft\Messenger\vampires-will-hurt-you@hotmail.co.uk\Sharing Folders\btvsfifi_fiona@hotmail.co.uk\Photoshop bits\brushes\Loaded Brushes\dw_cracks.abr
C:\DOCUME~1\Owner\My Documents\Billie\Billie USB copy BACKUP\Sega Genesis\Crack Down.zip
C:\DOCUME~1\Owner\My Documents\Billie\photoshop\Photoshop bits\brushes\Loaded Brushes\crack_nosferabat.abr
C:\DOCUME~1\Owner\My Documents\Billie\photoshop\Photoshop bits\brushes\Loaded Brushes\dw_cracks.abr
C:\DOCUME~1\Owner\My Documents\Lew\cd files\Emulation\Roms\Sega Genesis\Crack Down.zip
C:\DOCUME~1\Owner\My Documents\Lew\cd files 2\Rick in 10 years f*** on alcohol and crack.wmv
C:\DOCUME~1\Owner\My Documents\My Music\iTunes\iTunes Music\Kanye West Feat. The Game\Late Registration\08 Crack Music.mp3


[F:3328][D:123]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:355][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:361][D:4]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 06/01/2010|23:51 - Option : [2]

--------------------\\ Scan completed at 23:51:10


Solved Re: Antivirus Live not removed by Malwarebytes' Anti-Malware?

Post by Belahzur on 7th January 2010, 12:02 am

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.



Solved Re: Antivirus Live not removed by Malwarebytes' Anti-Malware?

Post by shoulderhead on 7th January 2010, 12:27 am

PC seems to be running better than it has for months.

Here are the DDS logs - an advisory window from DDS has told me to zip and attach the 2nd log? I can't see a facility to attach, so am taking a chance and copying and pasting it? Hope this is alright for you.
First log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 0:14:56.00 on 07/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1265 [GMT 0]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
F:\EADM\Core.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [PPWebCap] c:\progra~1\scansoft\paperp~1\PPWebCap.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [EA Core] "f:\eadm\Core.exe" -silent
uRun: [RecordNow!] c:\progra~1\presar~1\presario\xphwwrs4\plugin\bin\PCHButton.exe
uRun: [Acme.PCHButton] c:\progra~1\presar~1\presario\xphwwrs4\plugin\bin\PCHButton.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [FLMOFFICE4DMOUSE] c:\program files\browser mouse\mouse32a.exe
mRun: []
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BVRPLiveUpdate] c:\program files\avanquest update\engine\setup.exe -s /patch,/srcupdatec:\docume~1\alluse~1\applic~1\sonyer~1\sonyer~1\liveup~1\LISTOF~1.DAT
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} - [You must be registered and logged in to see this link.]
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} - [You must be registered and logged in to see this link.]
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - [You must be registered and logged in to see this link.]
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - [You must be registered and logged in to see this link.]
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\slro0m3v.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\slro0m3v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\adobe\reader\browser\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-19 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-20 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-20 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-20 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-10-20 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-20 297752]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-10-9 1245064]
S1 PDIDRV;PDIDRV; [x]
S2 gupdate1c9897faa56cefc;Google Update Service (gupdate1c9897faa56cefc);c:\program files\google\update\GoogleUpdate.exe [2009-2-7 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2004-8-25 31872]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-2-6 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-2-6 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-2-6 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-2-6 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-2-6 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-2-6 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-2-6 115752]

=============== Created Last 30 ================

2010-01-06 23:43:31 0 d-----w- C:\Lop SD
2010-01-06 20:54:39 0 d-----w- c:\program files\Trend Micro
2010-01-05 22:54:14 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-01-05 22:39:19 0 ----a-w- c:\windows\system32\18467.exe
2010-01-05 22:39:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 22:39:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 22:39:16 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 22:39:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-05 01:03:41 1 ----a-w- C:\s
2009-12-30 14:25:08 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-01-06 20:52:19 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-19 14:50:12 141189 -c--a-w- c:\windows\hpoins14.dat
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 04:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2001-08-22 13:15:48 245760 -c--a-w- c:\windows\inf\i386\viceo.dll
2001-08-22 13:13:38 32768 -c--a-w- c:\windows\inf\i386\Pmicro.dll
2001-08-22 13:13:30 61440 -c--a-w- c:\windows\inf\i386\gl.dll
2001-08-03 18:29:18 13824 -c--a-w- c:\windows\inf\i386\Usbscan.sys
1999-07-18 19:05:04 15716 -c--a-w- c:\windows\inf\i386\Pmxscan.sys
2009-02-07 23:29:00 13560 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 0:15:42.14 ===============

Second log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 25/08/2004 18:59:42
System Uptime: 01/06/2010 23:11:54 (-3503 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | Gamila/Giovani/Neon series
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 478 | 2800/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 108 GiB total, 30.064 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 0.668 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 153 GiB total, 90.969 GiB free.
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 05/01/2010 16:59:44 - System Checkpoint

==== Installed Programs ======================


32 Bit HP CIO Components Installer
42 Bit Scanner
4oD
Ad-Aware
Ad-Aware SE Personal
Adobe After Effects 5.5
Adobe After Effects 6.5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe MPEG Encoder
Adobe Photoshop 7.0
Adobe Premiere 6.5
Adobe Premiere Pro
Adobe Reader 6.0
Adobe Shockwave Player 11.5
Advanced GIF Animator 2.23
AIO_Scan
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
ArcSoft PhotoImpression 4
AutoUpdate
Avanquest update
AVG Free 8.5
Avid Free DV
Belarc Advisor 6.1
BitTorrent 4.0.4
Bonjour
Browser MOUSE
BufferChm
CloneDVD 3.9.1
Command & Conquer Red Alert 2
Compatibility Pack for the 2007 Office system
Copy
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DiscAPI (Studio 10)
DivX
DivX Content Uploader
DivX Player
DivX Web Player
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
EA Download Manager
ERUNT 1.1h
EVEREST Home Edition v1.51
F4100
F4100_doccd
F4100_Help
Family Tree Maker
Final Draft 7
Fmusic
Google Earth
Google Gears
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Smart Web Printing
HP Update
HpSdpAppCoreApp
HPSSupply
IconEdit32
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iPod for Windows 2006-06-28
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 17
KBD
Lizardtech DjVu Control
Malwarebytes' Anti-Malware
MarketResearch
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (PINNACLESYS)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works 7.0
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.5.6)
MP3 Player Utilities
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OpenMG Limited Patch 4.0-04-11-28-01
OpenMG Secure Module 4.0.05
Oregon Scientific DS8118/DS8238
PaperPort 6.5
PC-Doctor for Windows
PCFriendly
Pinnacle HFX Volume 1
Pinnacle Hollywood FX 4.6
Pinnacle Hollywood FX 5
Pinnacle Instant DVD Recorder
Pinnacle MediaServer
Presario PC Help
proDAD Heroglyph 2.5
PS2
PSSWCORE
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RAPID (Studio 10)
RealPlayer
Realtek AC'97 Audio
RecordNow!
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Scan
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Shockwave
Skype™ 4.0
SmartSound Quicktracks Plugin
Sonic Update Manager
SonicStage 2.3.00
Sony Ericsson Media Manager 1.2
Sony Ericsson PC Suite
Sony Ericsson PC Suite 4.010.00
Spotify
Spybot - Search & Destroy 1.4
Status
Studio 10
Studio 10 Bonus DVD
Studio 8
Studio 9
Studio 9.4 Patch
Studio Content CD
Studio Premium Pack 1
Studio RTFx Volume 2
Symantec KB-DocID:2003093015493306
TC Native Essentials 2.02
The Sims Superstar
The Sims™ 3
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
Virtual Springfield
Visioneer 4400 Scanner
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vodafone 804SS USB driver Software
WD Firewire HID Driver
WebFldrs XP
WebReg
Westwood Shared Internet Components
WinAVI MP4 Converter
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Internet Mail

==== Event Viewer Messages From Past Week ========

06/01/2010 23:12:31, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001109103D66 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
05/01/2010 22:55:15, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde SISAGP viaagp1 ViaIde
05/01/2010 22:55:15, error: Service Control Manager [7022] - The KService service hung on starting.
05/01/2010 22:30:49, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
05/01/2010 22:18:29, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aspi32 AvgLdx86 AvgMfx86 BANTExt Fips intelppm PCLEPCI
05/01/2010 22:18:29, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
05/01/2010 21:02:56, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
05/01/2010 21:02:20, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
05/01/2010 21:01:23, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Aspi32 AvgLdx86 AvgMfx86 AvgTdiX BANTExt Fips intelppm IPSec MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss Tcpip
05/01/2010 21:01:23, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
05/01/2010 21:01:23, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
05/01/2010 21:01:23, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
05/01/2010 21:01:23, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
05/01/2010 21:01:23, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
05/01/2010 21:01:23, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
05/01/2010 20:44:16, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
04/01/2010 00:59:48, error: Dhcp [1002] - The IP address lease 192.168.1.6 for the Network Card with network address 001109103D66 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
02/01/2010 22:19:32, error: Service Control Manager [7034] - The MSSQL$PINNACLESYS service terminated unexpectedly. It has done this 1 time(s).
02/01/2010 22:19:29, error: Service Control Manager [7034] - The KService service terminated unexpectedly. It has done this 1 time(s).
02/01/2010 16:15:31, error: Service Control Manager [7034] - The Pinnacle Systems Media Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Many thanks again. This is much appreciated.


Last edited by shoulderhead on 7th January 2010, 12:31 am; edited 1 time in total (Reason for editing : missed word out of sentence)


Solved Re: Antivirus Live not removed by Malwarebytes' Anti-Malware?

Post by Belahzur on 7th January 2010, 12:31 am

I see that you are running BitTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    BitTorrent 4.0.4
    Java 2 Runtime Environment, SE v1.4.2_03

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\windows\system32\18467.exe
    C:\Lop SD
    C:\s


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Solved Re: Antivirus Live not removed by Malwarebytes' Anti-Malware?

Post by shoulderhead on 7th January 2010, 12:53 am

Thanks.
Removed BitTorrent and Java 2 Runtime Environment.
This is a family PC used (and abused) by many people, I have no idea about half the stuff on it!

Here are the results from OTMoveIt (excellent icon):

========== FILES ==========
c:\windows\system32\18467.exe moved successfully.
C:\Lop SD\Backup-Lop\Reg folder moved successfully.
C:\Lop SD\Backup-Lop\Hosts folder moved successfully.
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\LOCALS~1\Temp folder moved successfully.
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\LOCALS~1 folder moved successfully.
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\Cookies folder moved successfully.
C:\Lop SD\Backup-Lop\DOCUME~1\Owner folder moved successfully.
C:\Lop SD\Backup-Lop\DOCUME~1 folder moved successfully.
C:\Lop SD\Backup-Lop folder moved successfully.
C:\Lop SD folder moved successfully.
C:\s moved successfully.

OTM by OldTimer - Version 3.1.4.0 log created on 01072010_004603

Thanks again.

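A check over the two artifacts in this exchange, the `:files` script and the OTM results log, confirming that every requested path was reported as moved. This is an added example, not part of the original posts and not part of OTM; the function names are hypothetical, and the only result format assumed is the `... moved successfully.` form that appears in the log above.

```python
import re

# Both inputs are copied from the posts above.
OTM_SCRIPT = r"""
:files
c:\windows\system32\18467.exe
C:\Lop SD
C:\s
"""

OTM_LOG = r"""
========== FILES ==========
c:\windows\system32\18467.exe moved successfully.
C:\Lop SD\Backup-Lop\Reg folder moved successfully.
C:\Lop SD\Backup-Lop\Hosts folder moved successfully.
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\LOCALS~1\Temp folder moved successfully.
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\LOCALS~1 folder moved successfully.
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\Cookies folder moved successfully.
C:\Lop SD\Backup-Lop\DOCUME~1\Owner folder moved successfully.
C:\Lop SD\Backup-Lop\DOCUME~1 folder moved successfully.
C:\Lop SD\Backup-Lop folder moved successfully.
C:\Lop SD folder moved successfully.
C:\s moved successfully.
OTM by OldTimer - Version 3.1.4.0 log created on 01072010_004603
"""

# Only this success form appears in the thread; any other line is reported
# as unparsed rather than guessed at. A name ending in " folder" is ambiguous.
MOVED = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")

def norm(path):
    return path.strip().rstrip("\\").lower()  # Windows paths ignore case

def parse_script(text):
    """Return the paths listed under the :files directive."""
    paths, in_files = [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif line and in_files:
            paths.append(line)
    return paths

def parse_log(text):
    """Split result lines into (moved paths, lines that are not successes)."""
    moved, other = [], []
    for line in (l.strip() for l in text.splitlines()):
        m = MOVED.match(line)
        if m:
            moved.append(m.group("path"))
        elif line and not line.startswith(("=", "OTM by")):
            other.append(line)
    return moved, other

def audit(script, log):
    """Compare what the script requested with what the log confirms."""
    requested, (moved, other) = parse_script(script), parse_log(log)
    done = {norm(p) for p in moved}
    roots = [norm(p) for p in requested]
    return {
        "missing": [p for p in requested if norm(p) not in done],
        "unexpected": [p for p in moved if not any(
            norm(p) == r or norm(p).startswith(r + "\\") for r in roots)],
        "unparsed": other,
    }
```

An empty result in all three lists means the log accounts for every target; anything in `missing` or `unparsed` is worth a second look before cleanup.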

Solved Re: Antivirus Live not removed by Malwarebytes' Anti-Malware?

Post by Belahzur on 7th January 2010, 12:55 am

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, do the same for the reboot prompt.
How is the machine running now?



Solved Re: Antivirus Live not removed by Malwarebytes' Anti-Malware?

Post by shoulderhead on 7th January 2010, 1:09 am

Thanks Belahzur, your help is much appreciated.

Machine running very sweetly.

OTMoveIt clean up completed and OTM gone.

I really can't thank you enough for your help and your knowledge, amazing!

I'm not a rich man but will definitely be making a donation - and I'll open a Facebook account and do that thing (?) too.

Hopefully, I can return the favour somehow/someday etc.

Many many thanks, sHd

shoulderhead
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-01-05
Gender Gender : Male
OS OS : Windows XP Mac OS X 10.5.8
Protection Protection : AVG on XP - Nothing on Macbook
Points Points : 25423
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Antivirus Live not removed by Malwarebytes' Anti-Malware?

Post by Belahzur on 7th January 2010, 1:11 am

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox, they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.



Solved Re: Antivirus Live not removed by Malwarebytes' Anti-Malware?

Post by shoulderhead on 7th January 2010, 2:27 am

Just a final note of thanks to end this thread, Belahzur.

Have followed all your recommendations - and learnt a lot in the process.

Although I'm now using Mozilla Firefox, I haven't completely deleted Internet Explorer 8, as it seems that my Microsoft Updates (and a couple of others) are depending on it (although I've removed the icon so people won't use it). I'm sure I can change this at a later date, but for now everything is working so well that I'm happy to leave things as they are.

Done the feedback, donation etc. Not done Facebook yet, but will get round to it tomorrow (after work - again).

Thanks again for all your help and recommendations, it is tremendously appreciated.

All strength to you and the site.

With very best wishes and deep gratitude, sHd
