antivir pro


antivir pro

Post by jeffrey54 on 6th August 2010, 7:21 pm

Hello, I have Antivir Pro loading on my computer and multiple error messages. I changed the proxy settings so I could access the internet, but was unable to download HijackThis. My HijackThis and MBAM programs produce error messages when I try to run them. Thank you, Jeff

jeffrey54
Novice

Posts : 14
Joined : 2009-07-14
OS : XP
Points : 27158
# Likes : 0


Re: antivir pro

Post by Sneakyone on 6th August 2010, 7:22 pm

Hi, Welcome to GeekPolice.net!

Could you please go into Safe Mode with Networking and run this:

To get into Safe Mode with Networking please restart your computer and rapidly tap F8 until it asks what mode you want to boot into, please choose Safe Mode with Networking, then download and run the following:

(If you cannot download in Safe Mode, please try transferring it to the infected machine with a USB drive.)

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56104
# Likes : 0


Re: antivir pro

Post by jeffrey54 on 6th August 2010, 10:04 pm

Thank you, sneakyone!


ComboFix 10-08-06.01 - jeff 08/06/2010 14:15:09.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1781 [GMT -8:00]
Running from: c:\documents and settings\jeff\desktop\commy.exe
Command switches used :: /stepdel
AV: AVG Anti-Virus SBS Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\jeff\Local Settings\Application Data\dxfniucap
c:\documents and settings\jeff\Local Settings\Application Data\dxfniucap\qqqifavtssd.exe
C:\Images
c:\documents and settings\Administrator\GoToAssistDownloadHelper.exe
c:\documents and settings\jeff\Local Settings\Application Data\dxfniucap\qqqifavtssd.exe
c:\images\DirCfg.ini
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.

2010-07-24 00:12 . 2010-07-24 00:12 388096 ----a-r- c:\documents and settings\jeff\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-23 23:44 . 2010-07-23 23:44 -------- d-----w- c:\program files\Trend Micro
2010-07-23 14:11 . 2010-07-23 14:11 -------- d-----w- c:\program files\iPod
2010-07-23 14:06 . 2010-07-23 14:06 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-22 19:02 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-07-22 19:02 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-22 19:02 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-22 19:02 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-07-21 14:55 . 2010-08-06 22:02 118784 ----a-w- c:\windows\system32\chg.exe
2010-07-16 19:47 . 2010-07-16 19:47 711168 ----a-w- c:\documents and settings\dprins\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-07-16 16:58 . 2010-07-19 16:11 -------- d-----w- c:\program files\Windows Live Safety Center
2010-07-15 23:00 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-15 20:52 . 2010-07-15 20:52 77568 ----a-w- c:\windows\system32\drivers\WUDFPF.SYS
2010-07-15 19:40 . 2010-07-15 20:58 -------- d-----w- c:\windows\system32\MpEngineStore
2010-07-10 16:11 . 2010-07-10 16:11 -------- d-----w- c:\documents and settings\drvictor\Local Settings\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-06 16:28 . 2008-12-12 15:34 -------- d-----w- c:\program files\Wisdom
2010-07-23 14:12 . 2010-06-18 14:37 -------- d-----w- c:\program files\iTunes
2010-07-23 14:11 . 2010-01-04 05:17 -------- d-----w- c:\program files\Common Files\Apple
2010-07-15 23:10 . 2008-11-17 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-06 18:50 . 2010-07-08 23:57 171904 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-07-05 07:46 . 2010-07-05 07:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-05 07:46 . 2010-07-05 07:46 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-30 19:31 . 2010-06-30 19:31 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-06-29 18:10 . 2010-06-29 18:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-06-29 17:54 . 2010-06-29 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-23 06:50 . 2010-02-25 22:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-18 14:39 . 2010-01-04 15:39 -------- d-----w- c:\documents and settings\dprins\Application Data\Apple Computer
2010-06-18 14:35 . 2010-06-18 14:35 -------- d-----w- c:\program files\Bonjour
2010-06-18 14:31 . 2010-05-03 18:18 -------- d-----w- c:\program files\Safari
2010-06-18 14:30 . 2010-06-18 14:30 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-14 14:31 . 2006-02-28 02:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-19 00:35 . 2010-05-19 00:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-19 00:35 . 2010-05-19 00:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-11 15:29 . 2010-05-11 15:29 666112 ----a-w- c:\documents and settings\dprins\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-26 137752]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-07 318488]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2009-1-20 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-30 17:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-12 15:26 10536 ----a-w- c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [12/19/2008 7:57 AM 12552]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/19/2008 7:57 AM 108552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/19/2008 7:57 AM 335240]
S1 oxpar;%OXPAR.SVCDESC%;c:\windows\system32\drivers\oxpar.sys [1/24/2007 2:28 AM 80128]
S2 0098011228158574mcinstcleanup;McAfee Application Installer Cleanup (0098011228158574);c:\docume~1\ADMINI~1\LOCALS~1\Temp\009801~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\009801~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/9/2009 9:55 AM 297752]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [11/17/2008 11:51 AM 576024]
S3 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [1/24/2007 2:28 AM 21888]
S3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys [1/24/2007 2:28 AM 5888]
S3 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [1/24/2007 2:28 AM 70784]
.
Contents of the 'Scheduled Tasks' folder

2010-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride =
FF - ProfilePath - c:\documents and settings\jeff\Application Data\Mozilla\Firefox\Profiles\wgvfa3ci.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-dcvrrvmm - c:\documents and settings\jeff\Local Settings\Application Data\dxfniucap\qqqifavtssd.exe
HKLM-Run-dcvrrvmm - c:\documents and settings\jeff\Local Settings\Application Data\dxfniucap\qqqifavtssd.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\program files\Citrix\GoToAssist\508\G2AWinLogon.dll
.
Completion time: 2010-08-06 14:24:12
ComboFix-quarantined-files.txt 2010-08-06 22:24

Pre-Run: 44,928,225,280 bytes free
Post-Run: 46,055,038,976 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A56D2C2F33D599CC6A1D1F8DCEA2FF1F


Re: antivir pro

Post by jeffrey54 on 6th August 2010, 10:37 pm

I'm sorry, things were looking better so I ran MBAM- I should have waited for instructions. Here is the log:

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4401

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

8/6/2010 3:16:10 PM
mbam-log-2010-08-06 (15-16-10).txt

Scan type: Quick scan
Objects scanned: 151481
Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: antivir pro

Post by Sneakyone on 6th August 2010, 11:50 pm

Hi.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:


    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride =

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


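Two findings in the first ComboFix log above are what the CFScript in this post is aimed at: the IE proxy pointing at the local machine (uInternet Settings,ProxyServer = http=127.0.0.1:6522, which is why downloads failed until Jeff changed the proxy settings) and the orphaned HKCU/HKLM Run entries for dcvrrvmm that pointed at a random-named executable under Local Settings\Application Data. The Python script below is an added example, not part of this thread and not a ComboFix or GeekPolice tool: it reads the text of a ComboFix.txt, flags a ProxyServer value that resolves to loopback, flags Run entries whose target sits in a user-writable profile directory under a random-looking name, and prints the proxy lines in the same DDS:: shape as the script Sneakyone posted. The sample log is a constructed excerpt of the log posted earlier; the vowel-ratio heuristic and the list of user-writable directories are assumptions of the example, and a hit is a lead for a helper to check, not a verdict.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the shape of the first ComboFix log in this thread: a
# handful of its lines, copied verbatim, so the script runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-26 141848]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]

uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride =
FF - prefs.js: network.proxy.type - 0

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-dcvrrvmm - c:\documents and settings\jeff\Local Settings\Application Data\dxfniucap\qqqifavtssd.exe
HKLM-Run-dcvrrvmm - c:\documents and settings\jeff\Local Settings\Application Data\dxfniucap\qqqifavtssd.exe
"""

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
ORPHAN = re.compile(r"^(?:HKCU|HKLM)-Run-(?P<name>\S+) - (?P<path>.+)$")
PROXY = re.compile(r"^uInternet Settings,(?P<key>Proxy\w*)\s*=\s*(?P<value>.*)$")
# Assumed list of per-user locations a non-admin process can write to on XP; a
# Run entry pointing here deserves a look, a Program Files or system32 one less so.
USER_WRITABLE = re.compile(r"\\(local settings\\(application data|temp)|application data)\\", re.I)
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def is_loopback_proxy(value: str) -> bool:
    """True if an IE ProxyServer value such as 'http=127.0.0.1:6522' points at this host."""
    for entry in value.split(";"):
        hostport = entry.split("=")[-1].strip()
        host = hostport.rsplit(":", 1)[0].strip("[]").lower()
        if host in LOOPBACK:
            return True
    return False


def looks_random(token: str) -> bool:
    """Heuristic (an assumption of this example) for generated names like 'dcvrrvmm':
    letters only, at least six of them, fewer than a quarter of them vowels."""
    token = token.lower().rsplit(".", 1)[0]
    if len(token) < 6 or not token.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in token)
    return vowels / len(token) < 0.25


def is_suspicious_autostart(name: str, path: str) -> bool:
    """Flag a Run entry in a user-writable directory whose value name or last two
    path components look generated."""
    tail = path.split("\\")[-2:]
    return bool(USER_WRITABLE.search(path)) and (
        looks_random(name) or any(looks_random(part) for part in tail)
    )


def triage(log: str) -> Dict[str, object]:
    proxy_lines: List[str] = []
    loopback: List[str] = []
    autostarts: List[Tuple[str, str]] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = PROXY.match(line)
        if m:
            proxy_lines.append(line)
            if m["key"] == "ProxyServer" and is_loopback_proxy(m["value"]):
                loopback.append(line)
            continue
        m = RUN_VALUE.match(line) or ORPHAN.match(line)
        if m:
            autostarts.append((m["name"], m["path"]))
    suspicious = [(n, p) for n, p in autostarts if is_suspicious_autostart(n, p)]
    # Same shape as the CFScript posted in the thread: the DDS:: directive followed by
    # the proxy lines to clear, emitted only when the proxy actually points at loopback.
    cfscript = "\n".join(["DDS::", *proxy_lines]) if loopback else ""
    return {"loopback_proxy": loopback, "suspicious_autostarts": suspicious, "cfscript": cfscript}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for line in result["loopback_proxy"]:
        print("loopback proxy:", line)
    for name, path in result["suspicious_autostarts"]:
        print("suspicious autostart:", name, "->", path)
    print(result["cfscript"])
```

The proxy check keys on the host, not the port, because the port is chosen per infection; the autostart check deliberately stays quiet on the Program Files and system32 entries in the log, which is where the legitimate Run values on this machine live.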

Re: antivir pro

Post by jeffrey54 on 7th August 2010, 12:19 am

Ok, I reran ComboFix. I will be away for a few days, so I will follow the rest of your instructions next week. Thanks very much!


ComboFix 10-08-06.01 - jeff 08/06/2010 17:05:37.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1431 [GMT -8:00]
Running from: c:\documents and settings\jeff\Desktop\Combofix.exe
Command switches used :: c:\documents and settings\jeff\Desktop\CFScript.txt
AV: AVG Anti-Virus SBS Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-07-07 to 2010-08-07 )))))))))))))))))))))))))))))))
.

2010-08-06 23:12 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-06 23:12 . 2010-08-06 23:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-06 23:12 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-06 22:10 . 2010-08-06 22:24 -------- d-----w- C:\commy
2010-07-24 00:12 . 2010-07-24 00:12 388096 ----a-r- c:\documents and settings\jeff\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-23 23:44 . 2010-07-23 23:44 -------- d-----w- c:\program files\Trend Micro
2010-07-23 14:11 . 2010-07-23 14:11 -------- d-----w- c:\program files\iPod
2010-07-23 14:06 . 2010-07-23 14:06 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-22 19:02 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-07-22 19:02 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-22 19:02 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-22 19:02 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-07-16 19:47 . 2010-07-16 19:47 711168 ----a-w- c:\documents and settings\carl\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-07-16 16:58 . 2010-07-19 16:11 -------- d-----w- c:\program files\Windows Live Safety Center
2010-07-15 23:00 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-15 20:52 . 2010-07-15 20:52 77568 ----a-w- c:\windows\system32\drivers\WUDFPF.SYS
2010-07-15 19:40 . 2010-07-15 20:58 -------- d-----w- c:\windows\system32\MpEngineStore
2010-07-10 16:11 . 2010-07-10 16:11 -------- d-----w- c:\documents and settings\jeff\Local Settings\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 01:02 . 2008-12-12 15:34 -------- d-----w- c:\program files\Wisdom
2010-07-23 14:12 . 2010-06-18 14:37 -------- d-----w- c:\program files\iTunes
2010-07-23 14:11 . 2010-01-04 05:17 -------- d-----w- c:\program files\Common Files\Apple
2010-07-15 23:10 . 2008-11-17 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-06 18:50 . 2010-07-08 23:57 171904 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-07-05 07:46 . 2010-07-05 07:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-05 07:46 . 2010-07-05 07:46 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-30 19:31 . 2010-06-30 19:31 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-06-29 18:10 . 2010-06-29 18:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-06-29 17:54 . 2010-06-29 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-18 14:39 . 2010-01-04 15:39 -------- d-----w- c:\documents and settings\carl\Application Data\Apple Computer
2010-06-18 14:35 . 2010-06-18 14:35 -------- d-----w- c:\program files\Bonjour
2010-06-18 14:31 . 2010-05-03 18:18 -------- d-----w- c:\program files\Safari
2010-06-18 14:30 . 2010-06-18 14:30 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-14 14:31 . 2006-02-28 02:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-19 00:35 . 2010-05-19 00:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-19 00:35 . 2010-05-19 00:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-11 15:29 . 2010-05-11 15:29 666112 ----a-w- c:\documents and settings\carl\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-26 137752]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-07 318488]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2009-1-20 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-30 17:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-12 15:26 10536 ----a-w- c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [12/19/2008 7:57 AM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/19/2008 7:57 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/19/2008 7:57 AM 108552]
R1 oxpar;%OXPAR.SVCDESC%;c:\windows\system32\drivers\oxpar.sys [1/24/2007 2:28 AM 80128]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/9/2009 9:55 AM 297752]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [11/17/2008 11:51 AM 576024]
R3 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [1/24/2007 2:28 AM 21888]
R3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys [1/24/2007 2:28 AM 5888]
R3 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [1/24/2007 2:28 AM 70784]
S2 0098011228158574mcinstcleanup;McAfee Application Installer Cleanup (0098011228158574);c:\docume~1\ADMINI~1\LOCALS~1\Temp\009801~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\009801~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\jeff\Application Data\Mozilla\Firefox\Profiles\wgvfa3ci.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-06 17:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\program files\Citrix\GoToAssist\508\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(2380)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-06 17:10:15
ComboFix-quarantined-files.txt 2010-08-07 01:10
ComboFix2.txt 2010-08-06 22:24

Pre-Run: 43,887,230,976 bytes free
Post-Run: 43,898,691,584 bytes free

- - End Of File - - 20D38656318A534F9F1D715D9BF951E6


Re: antivir pro

Post by Sneakyone on 7th August 2010, 3:16 am

Hi.

Please go to [You must be registered and logged in to see this link.] and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.



Re: antivir pro

Post by jeffrey54 on 11th August 2010, 9:12 pm

Hi, the computer seems to be running well now. Thanks for your help. Here is the Kaspersky scan:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, August 11, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, August 11, 2010 11:42:51
Records in database: 4128448
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
T:\

Scan statistics:
Objects scanned: 83215
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 01:55:46

File name / Threat / Threats count
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS1.tmp\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2TQ7QJUJ\TVRemote[1].exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

Selected area has been scanned.

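All three hits in the Kaspersky report above carry Kaspersky's "not-a-virus:" prefix, which marks legitimate but abusable software (here RemoteAdmin, i.e. VNC components) rather than malware; that is why the helper's next reply treats the machine as clean. The split matters in practice, since a report with "Threats found: 2" reads very differently once you know both are riskware. The script below is an added example for this thread, not Kaspersky's or GeekPolice's code; it parses the report's detection lines (the sample is copied from the report above) and sorts them into real malware, riskware that is part of an installed product, and riskware left behind in temp or browser-cache folders. The temp-folder heuristic and the three verdict labels are this example's own assumptions.

```python
"""Split a Kaspersky Online Scanner report into malware vs. 'not-a-virus' hits.

Added example for this thread, not Kaspersky's or GeekPolice's own code.
SAMPLE_REPORT is copied from the report posted above; TEMP_MARKERS and the
verdict labels returned by triage() are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input: the detection table from the posted report.
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS1.tmp\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2TQ7QJUJ\TVRemote[1].exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

Selected area has been scanned.
"""

# One detection line: <path> Infected|Suspicious: <threat name> <count>
DETECTION = re.compile(
    r"^(?P<path>.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Assumption: a riskware hit under these folders is a leftover download or
# installer fragment rather than a product the user is actually running.
TEMP_MARKERS = ("\\local settings\\temp\\", "\\temporary internet files\\")


@dataclass
class Detection:
    path: str
    status: str
    threat: str
    count: int

    @property
    def is_riskware(self) -> bool:
        # Kaspersky prefixes legitimate-but-abusable tools with 'not-a-virus:'.
        return self.threat.lower().startswith("not-a-virus:")

    @property
    def family(self) -> str:
        # 'not-a-virus:RemoteAdmin.Win32.WinVNC.4' -> 'RemoteAdmin'
        body = self.threat.split(":", 1)[-1]
        return body.split(".", 1)[0]


def parse_report(text: str) -> List[Detection]:
    """Extract every detection line from a Kaspersky Online Scanner report."""
    found: List[Detection] = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["status"], m["threat"], int(m["count"])))
    return found


def triage(dets: List[Detection]) -> Dict[str, List[Detection]]:
    """Sort detections into malware, installed riskware and leftover riskware."""
    out: Dict[str, List[Detection]] = {
        "malware": [],
        "riskware_installed": [],
        "riskware_leftover": [],
    }
    for d in dets:
        if not d.is_riskware:
            out["malware"].append(d)
        elif any(marker in d.path.lower() for marker in TEMP_MARKERS):
            out["riskware_leftover"].append(d)
        else:
            out["riskware_installed"].append(d)
    return out


if __name__ == "__main__":
    for verdict, items in triage(parse_report(SAMPLE_REPORT)).items():
        for d in items:
            print(f"{verdict:20} {d.family:12} {d.path}")
```

Riskware still deserves a decision: the RealVNC hook DLL under Program Files belongs to a product the owner presumably installed, while the two copies in Temp and the IE cache are just download leftovers that Disk Cleanup would remove. The one question a helper should ask is whether the owner actually installed that remote-access software; a VNC server the user does not recognise is a finding, whatever the scanner calls it.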

Re: antivir pro

Post by Sneakyone on 12th August 2010, 9:06 pm

Hi.

Your computer is now clean. Now it is time to remove the tools we used and to update your computer so it is less vulnerable.

Updating System Restore
Now, to get you off to a good start, we will clean your restore points so that all the bad stuff is gone for good. Then, if you need to restore at some stage, you will be clean. There are several ways to reset your restore points, but this is my method:
• Select Start > All Programs > Accessories > System Tools > System Restore.
• On the dialogue box that appears, select Create a Restore Point.
• Click NEXT.
• Enter a name, e.g. Clean.
• Click CREATE.

You now have a clean restore point.

To get rid of the bad ones:
• Select Start > All Programs > Accessories > System Tools > Disk Cleanup.
• In the drop-down box that appears, select your main drive, e.g. C.
• Click OK.
• The system will do a calculation of temporary/old files and then display a dialogue box.
• Select the More Options tab.
• At the bottom will be a System Restore box with a CLEANUP button; click this.
• Accept the warning and select OK again; the program will close and you are done.


========

Removing the tools
Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download [You must be registered and logged in to see this link.] by OldTimer:
• Save it to your Desktop.
• Double click OTC.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.
  Note: If any tool, file or folder (belonging to the programs we have used) hasn't been deleted, please delete it manually.


============

Service Pack upgrade
Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. You may not have some of the updates that Service Pack 3 provides. It is now available via Windows Update.

More info about SP3: [You must be registered and logged in to see this link.]

=====

Update Programs
Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader, since the installer does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and open Add or Remove Programs.
Search the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once the old versions are gone, please install the newest version.

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java, since the installer does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and open Add or Remove Programs.
Search the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once the old versions are gone, please install the newest version.

===============

Here are some prevention tips I have provided:

1. Don't download files from untrusted websites or websites that seem suspicious.

2. Don't use torrents; they are a good way to get lots of malware.

3. Don't download and use cracks/warez/keygens; they are illegal and are another good way to contract malware.

4. Disable autorun: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

5. Always make sure you have the latest Windows updates: windowsupdate.microsoft.com

6. Don't ever click on the links inside a popup.

7. Make sure you know what you install. You can check that it is not known for being a virus by simply searching for it on Google.

8. Use a Site Advisor so you don't go to sites that will infect you: [You must be registered and logged in to see this link.]

9. Also, there are many holes and flaws in Internet Explorer; I recommend using [You must be registered and logged in to see this link.] to keep you safer.

10. Always keep your [You must be registered and logged in to see this link.] and Adobe updated.

11. Don't fall for Scareware. What is Scareware? It is a website made to download a rogue Antivirus onto your system that will scare you into buying their fake software due to false detections.

12. Always have a Firewall and an Antivirus.

Thanks for choosing GeekPolice; see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information please visit [You must be registered and logged in to see this link.]

