antivirus pro 2010

So I got the antivirus pro message last night. I found your website and used malwarebytes to try and get rid of AVP. I kept getting a message that not all the files could be removed but that they were logged and would be deleted when I rebooted. They were clearly not deleted. After I ran the simple scan 3 or 4 times it finally said that everything was gone. But once I rebooted AVP was still on my computer. Then I ran the more advanced scan 2 and both times I got the same message as before about not all files being removed but they would be deleted when I rebooted. Again, as soon as the computer came on, before I even went online, I had messages from AVP. Here's my logfile and hopefully you can help me fix my computer.

Thanks,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:32 PM, on 9/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrator\Application Data\seres.exe
C:\Documents and Settings\Administrator\Application Data\svcst.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B3A89JGP\winlogon[1].scr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Antivirus Pro 2010] "C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Administrator\Application Data\seres.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Administrator\Application Data\svcst.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

--
End of file - 8374 bytes
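As an added example (not code from the thread or from any tool it mentions), the Python below applies to a HijackThis log the checks a helper makes by eye: executables started from user-profile directories, files named after core Windows processes but sitting outside their real location, and .scr/.pif files used as executables. It assumes XP-style profile paths and makes no attempt to recognise rogue products by name, so AntivirusPro_2010 under Program Files is deliberately left to manual review; the sample log is a constructed excerpt of the one above.

```python
"""Heuristic triage of a HijackThis log; added example, not code from the thread."""
import re

# Core Windows processes that legitimately run from exactly one path.
CORE_SYSTEM_NAMES = {"smss", "csrss", "winlogon", "services", "lsass", "svchost", "explorer"}
# Path fragments of locations a user-mode dropper can write to (XP and Vista+ profiles).
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\application data\\",
                         "\\local settings\\", "\\temporary internet files\\", "\\users\\")
ODD_EXECUTABLE_EXTS = {"scr", "pif"}   # executable, but rarely used by legitimate autostarts
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.+)$")

# Constructed excerpt of the HijackThis log posted above, used as sample input.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Application Data\seres.exe
C:\Documents and Settings\Administrator\Application Data\svcst.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B3A89JGP\winlogon[1].scr

O4 - HKLM\..\Run: [Antivirus Pro 2010] "C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Administrator\Application Data\seres.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Administrator\Application Data\svcst.exe
"""

def parse_hjt(text):
    """Split a HijackThis log into (running process paths, O4 Run entries)."""
    processes, runs = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            in_procs = bool(line)          # a blank line ends the process list
            if line:
                processes.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            runs.append((m.group("hive"), m.group("name"), m.group("target")))
    return processes, runs

def extract_path(target):
    """Strip surrounding quotes and trailing switches from a Run value's command line."""
    target = target.strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    return re.split(r" [/-]", target, maxsplit=1)[0]   # unquoted: cut at the first switch

def expected_location(stem):
    """The only legitimate path for a core Windows process (explorer sits one level up)."""
    directory = "c:\\windows\\" if stem == "explorer" else "c:\\windows\\system32\\"
    return directory + stem + ".exe"

def assess_path(path):
    """Return the reasons a path looks suspicious; an empty list means nothing flagged."""
    p = path.lower()
    base = p.rsplit("\\", 1)[-1]
    stem = re.sub(r"\[\d+\]$", "", base.split(".")[0])   # winlogon[1].scr -> winlogon
    ext = base.rsplit(".", 1)[-1] if "." in base else ""
    reasons = []
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        reasons.append("runs from a user-writable profile directory")
    if stem in CORE_SYSTEM_NAMES and p != expected_location(stem):
        reasons.append(f"'{base}' impersonates a core Windows process outside its real location")
    if ext in ODD_EXECUTABLE_EXTS and not p.startswith("c:\\windows\\"):
        reasons.append(f".{ext} file used as an executable")
    return reasons

def analyse(text):
    """Return flagged items as (source, run value name, path, reasons)."""
    processes, runs = parse_hjt(text)
    findings = []
    for path in processes:
        reasons = assess_path(path)
        if reasons:
            findings.append(("process", "", path, reasons))
    for hive, name, target in runs:
        path = extract_path(target)
        reasons = assess_path(path)
        nm = name.lower().split(".")[0]
        # A Run value named after a system process but pointing elsewhere is a classic disguise.
        if nm in CORE_SYSTEM_NAMES and path.lower() != expected_location(nm):
            reasons.append(f"Run value name '{name}' mimics a core Windows process")
        if reasons:
            findings.append((hive, name, path, reasons))
    return findings

if __name__ == "__main__":
    for source, name, path, reasons in analyse(SAMPLE_LOG):
        print(f"{source} [{name}]: {path}" if name else f"{source}: {path}")
        for reason in reasons:
            print("    -", reason)
```

On the sample it flags seres.exe, svcst.exe and winlogon[1].scr as processes plus the mserv and svchost Run values, and reports the svchost value twice over (profile path and a system-process name pointing at svcst.exe).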

Re: antivirus pro 2010

Hi

Please download ComboFix by sUBs
Link 1: Forospyware.com or Link 2: BleepingComputer.com

Please save the file to your Desktop, but rename it first:

(screenshots of the rename step)

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:

(screenshots of the Recovery Console prompts)

  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and this time rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, and winlogon.exe.

Re: antivirus pro 2010

After trying to run combofix, my internet disconnected (as expected) but then I couldn't reconnect to install the recovery console. Combofix still ran the scan but I am still getting antivirus pro messages.

Here's the log:

ComboFix 09-09-23.02 - Administrator 09/24/2009 11:22.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.77 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\aceveceqy.ban
c:\documents and settings\Administrator\Application Data\amogohy.exe
c:\documents and settings\Administrator\Application Data\fikafetahu.pif
c:\documents and settings\Administrator\Application Data\hykidagol.bat
c:\documents and settings\Administrator\Application Data\ikemohel.bin
c:\documents and settings\Administrator\Application Data\ikuresaq.inf
c:\documents and settings\Administrator\Application Data\joribac.reg
c:\documents and settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Administrator\Application Data\otubu._dl
c:\documents and settings\Administrator\Application Data\vagi.com
c:\documents and settings\Administrator\Application Data\ykuhubez.lib
c:\documents and settings\Administrator\Cookies\abujunatem.vbs
c:\documents and settings\Administrator\Cookies\abuti.pif
c:\documents and settings\Administrator\Cookies\axenypew.pif
c:\documents and settings\Administrator\Cookies\fuwitady.bat
c:\documents and settings\Administrator\Cookies\fyvyguha.pif
c:\documents and settings\Administrator\Cookies\kimes.bat
c:\documents and settings\Administrator\Cookies\mepysy.db
c:\documents and settings\Administrator\Cookies\miby.pif
c:\documents and settings\Administrator\Cookies\moxaxehuri.lib
c:\documents and settings\Administrator\Cookies\oxedekinaf.lib
c:\documents and settings\Administrator\Cookies\ukygu.bat
c:\documents and settings\Administrator\Cookies\upewucow._dl
c:\documents and settings\Administrator\Desktop\AntivirusPro_2010.lnk
c:\documents and settings\Administrator\Local Settings\Application Data\gacyh.bin
c:\documents and settings\Administrator\Local Settings\Application Data\gimakoqo._sy
c:\documents and settings\Administrator\Local Settings\Application Data\lanuwomu.bin
c:\documents and settings\Administrator\Local Settings\Application Data\lazuxymo.reg
c:\documents and settings\Administrator\Local Settings\Application Data\nuzahaweku._sy
c:\documents and settings\Administrator\Local Settings\Application Data\ocucuce.reg
c:\documents and settings\Administrator\Local Settings\Application Data\ugiga.dll
c:\documents and settings\Administrator\Local Settings\Application Data\vygox._sy
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\abubusig.pif
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\asehib.dll
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\efyvuz.scr
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\moko.scr
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\napapatix.dl
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\nohugaki.bin
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\oqapeja.vbs
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\osycarehic.com
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\ozytom.bin
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\rejutav.pif
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\ritida.vbs
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\susa.bin
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\ufokyhylag.bin
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\ydifemif.reg
c:\documents and settings\Administrator\Start Menu\Programs\AntivirusPro_2010
c:\documents and settings\Administrator\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\Administrator\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
c:\documents and settings\All Users\Application Data\axyzipu.inf
c:\documents and settings\All Users\Application Data\ebaqo.com
c:\documents and settings\All Users\Application Data\edilaka.com
c:\documents and settings\All Users\Application Data\iqico.lib
c:\documents and settings\All Users\Application Data\jolulytu.reg
c:\documents and settings\All Users\Application Data\purupifys.bat
c:\documents and settings\All Users\Application Data\upaxybumuf.bat
c:\documents and settings\All Users\Application Data\uqekuha.reg
c:\documents and settings\All Users\Application Data\usyseximub.pif
c:\documents and settings\All Users\Application Data\uzukofyji.dl
c:\documents and settings\All Users\Application Data\xadyves.bat
c:\documents and settings\All Users\Application Data\ysedamuj.vbs
c:\documents and settings\All Users\Documents\ducu.inf
c:\documents and settings\All Users\Documents\egaga.pif
c:\documents and settings\All Users\Documents\jexuwapi._dl
c:\documents and settings\All Users\Documents\jobigimug.inf
c:\documents and settings\All Users\Documents\jute.com
c:\documents and settings\All Users\Documents\jycyfu.inf
c:\documents and settings\All Users\Documents\kewevyse.ban
c:\documents and settings\All Users\Documents\nedec.com
c:\documents and settings\All Users\Documents\nomuzepawu.vbs
c:\documents and settings\All Users\Documents\omyfexaji.com
c:\documents and settings\All Users\Documents\unoqucu.bat
c:\documents and settings\All Users\Documents\xeco.dll
c:\documents and settings\All Users\Documents\xyhujove.scr
c:\documents and settings\All Users\Documents\yvyrod.dl
c:\documents and settings\All Users\Documents\zojawi.reg
c:\documents and settings\All Users\Documents\zysahoze.bin
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\AntivirusPro_2010\AVEngn.dll
c:\program files\AntivirusPro_2010\data\daily.cvd
c:\program files\AntivirusPro_2010\htmlayout.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro_2010\pthreadVC2.dll
c:\program files\AntivirusPro_2010\Uninstall.exe
c:\program files\AntivirusPro_2010\wscui.cpl
c:\program files\Common Files\ajudyhiz.pif
c:\program files\Common Files\ezopofoq.exe
c:\program files\Common Files\icetufyquc.scr
c:\program files\Common Files\ifaxyvody.com
c:\program files\Common Files\ilydig.vbs
c:\program files\Common Files\totef.bin
c:\program files\Common Files\udycedy.bin
c:\program files\Common Files\ulinyzew.pif
c:\program files\Common Files\vagib._dl
c:\program files\Common Files\yvihagi.bin
c:\windows\awamolajig.pif
c:\windows\cefoqub.bin
c:\windows\cuvedo.inf
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\esabi.exe
c:\windows\evevijel.reg
c:\windows\icososyfi.pif
c:\windows\ijiwakaw.ban
c:\windows\Installer\1f2e74.msp
c:\windows\Installer\1f2e75.msp
c:\windows\isyni.sys
c:\windows\jutijyvo.dll
c:\windows\limasehuto._dl
c:\windows\nahusupaq._dl
c:\windows\namewir.dl
c:\windows\nocurew.pif
c:\windows\olutuliq.inf
c:\windows\omuciqip.dll
c:\windows\onoryfybo.inf
c:\windows\opeku.scr
c:\windows\otuhox.exe
c:\windows\ovedyb._dl
c:\windows\pywirogem.bat
c:\windows\qojug.bin
c:\windows\quhogepic.reg
c:\windows\ravisal.dl
c:\windows\system32\_scui.cpl
c:\windows\system32\bapobehut.vbs
c:\windows\system32\cofus.pif
c:\windows\system32\dobuco.inf
c:\windows\system32\drivers\fad.sys
c:\windows\system32\evipo.inf
c:\windows\system32\evowir.bat
c:\windows\system32\fifuwaseg.reg
c:\windows\system32\gorytuq.reg
c:\windows\system32\guzixuto.dl
c:\windows\system32\nsprs.dll
c:\windows\system32\odisyqitip.inf
c:\windows\system32\ofebyjif.exe
c:\windows\system32\pociqon.ban
c:\windows\system32\qazukym.pif
c:\windows\system32\sabugati.scr
c:\windows\system32\socilamuxu.vbs
c:\windows\system32\ssprs.dll
c:\windows\system32\tibywe.pif
c:\windows\system32\uxavokoqah.exe
c:\windows\ukudazijas.dll
c:\windows\viravez.bat
c:\windows\waquryhet.vbs
c:\windows\ycalufejy.bin
c:\windows\yhipyk.scr

.
((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-24 02:27 . 2009-09-24 02:27 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-24 02:25 . 2009-09-24 02:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-24 02:25 . 2009-09-24 02:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-24 02:21 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-24 02:20 . 2009-09-24 02:20 -------- d-----w- c:\windows\ie8updates
2009-09-24 02:19 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-24 02:19 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-24 02:14 . 2009-09-24 02:18 -------- dc-h--w- c:\windows\ie8
2009-09-24 01:49 . 2009-09-24 01:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-24 01:47 . 2009-09-24 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-24 01:47 . 2009-09-24 01:47 -------- d-----w- c:\program files\McAfee Security Scan
2009-09-24 01:46 . 2009-09-24 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-24 01:30 . 2009-09-24 01:30 12386 ----a-w- c:\windows\system32\bosut.com
2009-09-24 01:30 . 2009-09-24 01:30 10813 ----a-w- c:\windows\reny.dat
2009-09-23 22:44 . 2009-09-23 22:44 15311 ----a-w- c:\windows\system32\febu.com
2009-09-23 22:44 . 2009-09-23 22:44 16846 ----a-w- c:\windows\todul.dat
2009-09-23 22:44 . 2009-09-23 22:44 12767 ----a-w- c:\program files\Common Files\lynosiza.dat
2009-09-23 18:49 . 2009-09-23 18:49 15565 ----a-w- c:\windows\system32\abokuxymaj.dat
2009-09-23 18:49 . 2009-09-23 18:49 11414 ----a-w- c:\program files\Common Files\nalofu.dat
2009-09-23 07:33 . 2009-09-23 07:33 17907 ----a-w- c:\windows\bibicyber.dat
2009-09-23 06:55 . 2009-09-23 06:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-23 06:54 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-23 06:54 . 2009-09-23 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-23 06:54 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-23 06:54 . 2009-09-23 06:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-09 02:41 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-08-25 18:56 . 2009-08-25 18:56 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-25 18:55 . 2009-08-25 18:55 -------- d-----w- c:\program files\Linksys
2009-08-25 18:55 . 2009-08-25 18:55 -------- d-----w- c:\program files\Funk Software
2009-08-25 18:55 . 2009-08-25 18:55 -------- d-----w- c:\program files\Common Files\Funk Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 01:34 . 2008-06-24 00:22 -------- d-----w- c:\program files\Java
2009-09-24 01:30 . 2009-09-24 01:30 15157 ----a-w- c:\program files\Common Files\epivujucu._sy
2009-09-24 01:30 . 2009-09-24 01:30 13669 ----a-w- c:\documents and settings\Administrator\Application Data\sycesef.dat
2009-09-24 01:23 . 2009-09-24 01:23 159856 ----a-w- c:\documents and settings\Administrator\Application Data\lizkavd.exe
2009-09-23 22:44 . 2009-09-23 22:44 15939 ----a-w- c:\program files\Common Files\roke._sy
2009-09-23 18:49 . 2009-09-23 18:49 19873 ----a-w- c:\documents and settings\Administrator\Application Data\yqakako.dat
2009-09-23 18:49 . 2009-09-23 18:49 14422 ----a-w- c:\documents and settings\All Users\Application Data\ypaxur.dat
2009-09-23 18:49 . 2009-09-23 18:49 17438 ----a-w- c:\program files\Common Files\zitu.db
2009-09-23 18:25 . 2007-04-10 17:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-23 06:24 . 2009-09-23 06:24 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-23 03:25 . 2009-09-23 18:41 14848 ----a-w- c:\documents and settings\Administrator\Application Data\svcst.exe
2009-09-23 03:25 . 2009-09-23 03:25 14848 ----a-w- c:\documents and settings\Administrator\Application Data\seres.exe
2009-09-17 04:14 . 2009-06-07 21:46 -------- d-----w- c:\program files\Graboid
2009-09-09 05:20 . 2008-09-08 01:14 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-25 18:41 . 2007-03-20 00:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-25 18:31 . 2009-06-07 21:47 -------- d-----w- c:\program files\VideoLAN
2009-08-11 22:55 . 2007-03-23 05:28 58608 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 21:07 . 2009-08-03 21:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 21:07 . 2009-08-03 21:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 21:07 . 2009-08-03 21:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 05:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-18 68856]
"mserv"="c:\documents and settings\Administrator\Application Data\seres.exe" [2009-09-23 14848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-03 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-03 610304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]
"CMPDPSRV"="c:\windows\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE" [2001-05-07 40960]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PCTVOICE"="pctspk.exe" - c:\windows\system32\pctspk.exe [2003-02-24 163840]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Wireless-G Notebook Adapter.lnk - c:\program files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-3-19 36864]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CMpdpsrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;c:\windows\system32\drivers\a311.sys [3/19/2007 6:26 PM 31799]
S3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;c:\windows\system32\drivers\a310.sys [3/19/2007 6:26 PM 33335]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-02-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 18:34]

2009-09-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B3A89JGP\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 11:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-746137067-1060284298-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,7f,47,45,28,b0,42,4a,91,59,f0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,7f,47,45,28,b0,42,4a,91,59,f0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1736)
c:\program files\Funk Software\Funk Client\odLogin.dll
.
Completion time: 2009-09-24 11:35
ComboFix-quarantined-files.txt 2009-09-24 17:35

Pre-Run: 28,282,183,680 bytes free
Post-Run: 28,498,092,032 bytes free

303 --- E O F --- 2009-09-09 03:58

Re: antivirus pro 2010

Hi

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\bosut.com
    c:\windows\reny.dat
    c:\windows\system32\febu.com
    c:\windows\todul.dat
    c:\program files\Common Files\lynosiza.dat
    c:\windows\system32\abokuxymaj.dat
    c:\program files\Common Files\nalofu.dat
    c:\windows\bibicyber.dat
    c:\program files\Common Files\epivujucu._sy
    c:\documents and settings\Administrator\Application Data\sycesef.dat
    c:\documents and settings\Administrator\Application Data\lizkavd.exe
    c:\program files\Common Files\roke._sy
    c:\documents and settings\Administrator\Application Data\yqakako.dat
    c:\documents and settings\All Users\Application Data\ypaxur.dat
    c:\program files\Common Files\zitu.db
    c:\documents and settings\Administrator\Application Data\svcst.exe
    c:\documents and settings\Administrator\Application Data\seres.exe
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    (screenshot: dragging CFScript.txt onto ComboFix.exe)

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
