please help - Antivirus Live/Antivirus System Pro

3 posters

Hi, this is my first time posting something like this, but hopefully I can explain everything correctly and someone can help. My computer is trashed. I get a Windows Security pop-up every so often about how my computer is affected by spyware, and I now have Antivirus Live and Antivirus System Pro on my computer. I can't use any applications or programs like Task Manager or Internet Explorer. When I try to use the internet, I get redirected to the antivirus website. I can only use it right when I turn it on and log on, but after about 30 seconds it gets taken over. Here is my HijackThis log, and I hope I did it right. Someone please help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:15 PM, on 12/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Anthony\Desktop\HijackThis.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe
C:\Documents and Settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\regsvr32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [hqdjeaho] C:\Documents and Settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [hqdjeaho] C:\Documents and Settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: scandisk.dll
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9202 bytes
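Added here as an editor's example, not code from the thread or from HijackThis: a small Python triage pass over HijackThis-style lines, run on a constructed sample modelled on the log above. It flags what a helper looks at first in a rogue-antivirus case: processes and O4 Run entries launching from user-writable profile directories, a non-shortcut item in the Startup folder, the same Run value name registered under both HKLM and HKCU, and orphaned "(no file)" BHO/toolbar entries.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample modelled on the HijackThis log in the post above
# (a handful of lines, not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe
C:\Documents and Settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hqdjeaho] C:\Documents and Settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [hqdjeaho] C:\Documents and Settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe
O4 - Startup: scandisk.dll
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

# Directories an unprivileged user (or malware running as that user) can write to.
USER_WRITABLE_MARKERS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\application data\\",
    "\\windows\\temp\\",
)

# O4 registry autostart: "O4 - HKLM\..\Run: [ValueName] command line"
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O4 Startup folder item: "O4 - Startup: item" / "O4 - Global Startup: item.lnk = target"
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<item>.*)$")
# First drive-letter path with an executable-ish extension inside a command line.
PATH_RE = re.compile(r'(?i)"?(?P<path>[a-z]:\\[^"]+?\.(?:exe|dll|scr|pif|com|bat|cmd|vbs|js))\b')
# O2 BHO / O3 toolbar entries whose file is gone.
NOFILE_RE = re.compile(r"^O[23] - .* - \(no file\)$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    rule: str
    evidence: str


def in_user_writable_dir(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage(log_text: str) -> list:
    findings = []
    lines = log_text.splitlines()

    # 1. "Running processes" section: count each image path until the blank line.
    procs = Counter()
    in_procs = False
    for line in lines:
        if line.strip() == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line.strip():
                in_procs = False
                continue
            procs[line.strip().lower()] += 1
    for path, n in procs.items():
        if in_user_writable_dir(path):
            findings.append(Finding("high", "process running from user-writable directory", f"{path} (x{n})"))

    # 2. Autostart and browser-extension entries.
    hives_by_value = {}  # Run value name -> set of hives it appears under
    for line in lines:
        m = RUN_RE.match(line)
        if m:
            hives_by_value.setdefault(m["name"], set()).add(m["hive"])
            pm = PATH_RE.search(m["cmd"])
            if pm and in_user_writable_dir(pm["path"]):
                findings.append(Finding("high", "autostart target in user-writable directory", line))
            continue
        sm = STARTUP_RE.match(line)
        if sm:
            item = sm["item"].split(" = ")[0].strip().lower()
            if not item.endswith((".lnk", ".exe")):
                findings.append(Finding("high", "non-shortcut item in Startup folder", line))
            continue
        if NOFILE_RE.match(line):
            findings.append(Finding("low", "orphaned BHO/toolbar entry (no file)", line))
    for name, hives in hives_by_value.items():
        if len(hives) > 1:
            findings.append(Finding("medium", "same Run value registered in several hives", f"[{name}] in {sorted(hives)}"))
    return findings


def summarize(findings) -> dict:
    """Count findings per severity, e.g. {'high': 4, 'medium': 1, 'low': 2}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.rule}: {f.evidence}")
```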

Re: please help - Antivirus Live/Antivirus System Pro

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

combofix log

here is the log from ComboFix

ComboFix 09-12-08.03 - Anthony 12/08/2009 14:28:12.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.898 [GMT -5:00]
Running from: c:\documents and settings\Anthony\Desktop\commy.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Anthony\Local Settings\Application Data\pjrdgg
c:\documents and settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe
c:\documents and settings\Anthony\Start Menu\Programs\Startup\scandisk.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.

2009-11-29 03:10 . 2009-11-29 03:10 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\Threat Expert
2009-11-28 17:32 . 2009-11-28 17:32 79488 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-27 16:21 . 2009-11-27 16:21 -------- d-----w- c:\program files\Trend Micro
2009-11-27 05:31 . 2009-11-27 05:31 -------- d-----w- c:\documents and settings\Chris\Application Data\Avanquest
2009-11-27 04:56 . 2009-11-27 04:58 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-27 04:17 . 2009-11-27 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\87930431
2009-11-23 20:07 . 2009-11-29 05:24 79488 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 03:37 . 2008-03-07 20:05 -------- d-----w- c:\program files\Spyware Doctor
2009-11-29 03:12 . 2008-03-07 20:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-15 01:05 . 2009-10-10 23:31 -------- d-----w- c:\program files\World of Warcraft
2009-10-29 03:43 . 2007-06-08 18:22 -------- d-----w- c:\program files\Full Tilt Poker
2009-10-29 03:42 . 2006-03-02 22:30 39952 ----a-w- c:\documents and settings\Anthony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 04:15 . 2009-10-20 04:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-11 05:51 . 2009-10-11 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-10-11 04:04 . 2006-02-23 00:43 77423 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-10-11 02:25 . 2006-12-09 16:07 -------- d-----w- c:\program files\Apple Software Update
2009-10-11 00:43 . 2009-10-05 03:40 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-10-10 22:25 . 2009-10-10 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-09-11 14:18 . 2003-07-16 20:36 136192 ----a-w- c:\windows\system32\msv1_0.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-29_03.39.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-29 04:14 . 2009-11-29 04:14 16384 c:\windows\Temp\Perflib_Perfdata_6c4.dat
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-11-30 08:00 . 2009-11-30 08:00 195584 c:\windows\Installer\5f5f69f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.0\masqform.exe" [2004-01-27 1048576]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056]
"Ulead Photo Express Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-13 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"VirusScannerPro"="c:\progra~1\AVANQU~1\Fix-It\MemCheck.exe" [2007-09-01 173312]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R2 tmpreflt;tmpreflt;c:\progra~1\AVANQU~1\Fix-It\tmpreflt.sys [8/31/2007 12:36 PM 32528]
R3 MailScan;MailScan;c:\progra~1\AVANQU~1\Fix-It\MailScan.sys [9/1/2007 5:58 AM 20496]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MAILSCAN
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-hqdjeaho - c:\documents and settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe
HKLM-Run-hqdjeaho - c:\documents and settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 14:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-12-08 14:36:58
ComboFix-quarantined-files.txt 2009-12-08 19:36
ComboFix2.txt 2009-11-29 03:49

Pre-Run: 6,591,483,904 bytes free
Post-Run: 6,569,078,784 bytes free

- - End Of File - - 36F3CF6E61530F40CD6A9406E17623DF

Re: please help - Antivirus Live/Antivirus System Pro

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: please help - Antivirus Live/Antivirus System Pro

here is the malwarebytes log

Malwarebytes' Anti-Malware 1.42
Database version: 3325
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

12/8/2009 9:28:34 PM
mbam-log-2009-12-08 (21-28-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 187101
Time elapsed: 45 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\87930431 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\Chris\ntuser.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0CCA057-8B5D-4A2E-8763-45880952FE3F}\RP878\A0194410.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0CCA057-8B5D-4A2E-8763-45880952FE3F}\RP879\A0194484.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0CCA057-8B5D-4A2E-8763-45880952FE3F}\RP879\A0194489.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

Re: please help - Antivirus Live/Antivirus System Pro

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

Re: please help - Antivirus Live/Antivirus System Pro

here is the f scanner report.

Scanning Report
Thursday, December 10, 2009 01:00:46 - 06:00:15
Computer name: BOPREY1
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\


--------------------------------------------------------------------------------

13 malware found
TrackingCookie.Questionmarket (spyware)
System (Disinfected)
TrackingCookie.Adinterax (spyware)
System (Disinfected)
TrackingCookie.2o7 (spyware)
System (Disinfected)
TrackingCookie.Advertising (spyware)
System (Disinfected)
TrackingCookie.Atdmt (spyware)
System (Disinfected)
TrackingCookie.Doubleclick (spyware)
System (Disinfected)
TrackingCookie.Revsci (spyware)
System (Disinfected)
TrackingCookie.Specificclick (spyware)
System (Disinfected)
TrackingCookie.Mediaplex (spyware)
System (Disinfected)
TrackingCookie.Statcounter (spyware)
System (Disinfected)
TrackingCookie.Atwola (spyware)
System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
System (Disinfected)
Trojan.Script.236197 (virus)
C:\DOCUMENTS AND SETTINGS\ANTHONY\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\RXIQNR7E\AD[1].JS (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 31465
System: 2990
Not scanned: 153
Actions:
Disinfected: 12
Renamed: 1
Deleted: 0
Not cleaned: 0
Submitted: 1
Files not scanned:

--------------------------------------------------------------------------------

Options
Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics

Re: please help - Antivirus Live/Antivirus System Pro
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Re: please help - Antivirus Live/Antivirus System Pro

Here's the new MBAM log.

Malwarebytes' Anti-Malware 1.42
Database version: 3344
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

12/10/2009 9:55:31 PM
mbam-log-2009-12-10 (21-55-31).txt

Scan type: Quick Scan
Objects scanned: 128866
Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: please help - Antivirus Live/Antivirus System Pro
Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: please help - Antivirus Live/Antivirus System Pro

So my computer has been running great since you started helping me, but for some reason last night, the virus came back. Now my desktop background also changes to some different colors and has a big security warning in the middle of it. When I log in to my computer, I get a warning saying my computer has a worm called Netsky or something. I wasn't able to do the security check, and I didn't want to do anything before making sure it was OK first. I was able to get a HijackThis log if it helps. I also have a question: since I have to run HijackThis before the virus kicks in, will it be missing anything important in the log?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:38 AM, on 12/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\winlogon86.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\winupdate86.exe
C:\Documents and Settings\Anthony\Local Settings\Application Data\pdvqtj\civssysguard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\DOCUME~1\Anthony\LOCALS~1\Temp\smss.exe
C:\DOCUME~1\Anthony\LOCALS~1\Temp\kzffyy23nw.exe
C:\Documents and Settings\Anthony\Local Settings\Application Data\pdvqtj\civssysguard.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Documents and Settings\Anthony\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O2 - BHO: C:\WINDOWS\system32\md2092f86.dll - {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - C:\WINDOWS\system32\md2092f86.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O4 - HKLM\..\Run: [StartServiceNMDECMPM] C:\Documents and Settings\Anthony\Local Settings\Application Data\NMDECMPM\StartService.exe
O4 - HKLM\..\Run: [ngqbbvca] C:\Documents and Settings\Anthony\Local Settings\Application Data\pdvqtj\civssysguard.exe
O4 - HKLM\..\Run: [pafulomip] Rundll32.exe "c:\windows\system32\tipifipo.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [notepad] rundll32.exe C:\DOCUME~1\Anthony\ntload.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\Anthony\LOCALS~1\Temp\smss.exe
O4 - HKCU\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\Anthony\LOCALS~1\Temp\kzffyy23nw.exe
O4 - HKCU\..\Run: [ngqbbvca] C:\Documents and Settings\Anthony\Local Settings\Application Data\pdvqtj\civssysguard.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CE61BE-37D9-4C95-8031-F02ABCFDCCB3}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.254
O20 - AppInit_DLLs: busareki.dll
O20 - Winlogon Notify: kbupdate - C:\WINDOWS\SYSTEM32\kbupdate.dll
O21 - SSODL: tofikovif - {0f0303d7-b313-46f0-a824-7da248cc9dea} - c:\windows\system32\tipifipo.dll
O22 - SharedTaskScheduler: gar873hruefrh87w3hjinhef87w3h7dfd - {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - C:\WINDOWS\system32\md2092f86.dll
O22 - SharedTaskScheduler: jugezatag - {0f0303d7-b313-46f0-a824-7da248cc9dea} - c:\windows\system32\tipifipo.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10231 bytes
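As an added example (not part of this thread and not a HijackThis feature), a small Python triage script that applies defender heuristics to HijackThis lines like the ones in the log above: the F2 UserInit value, O4 Run entries launching from user-writable paths, O7 policies that disable admin tools, O17 NameServer entries outside private ranges, and a non-empty O20 AppInit_DLLs. The sample lines are copied from the log above; the heuristics, the path list and the expected UserInit value are assumptions of the example.

```python
import ipaddress
import re

# Constructed sample: eight lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\Anthony\LOCALS~1\Temp\smss.exe
O4 - HKLM\..\Run: [ngqbbvca] C:\Documents and Settings\Anthony\Local Settings\Application Data\pdvqtj\civssysguard.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CE61BE-37D9-4C95-8031-F02ABCFDCCB3}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.254
O20 - AppInit_DLLs: busareki.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Assumed heuristic: user-writable locations from which a Run entry should not normally launch.
USER_WRITABLE = ("\\temp\\", "\\local settings\\application data\\", "\\locals~1\\")
# Expected Winlogon UserInit value on Windows XP; the F2 line above points somewhere else.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


def triage(log_text):
    """Return (section, reason, line) for every HijackThis line that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"^(O\d+|F\d|R\d)\s+-\s+(.*)$", line)
        if not m:
            continue  # header, process list or blank line: not a HijackThis entry
        section, body = m.group(1), m.group(2)
        low = body.lower()
        if section == "F2" and "userinit=" in low:
            value = low.split("userinit=", 1)[1].strip().rstrip(",")
            if value != EXPECTED_USERINIT:
                findings.append((section, "UserInit hijack", line))
        elif section == "O4" and any(loc in low for loc in USER_WRITABLE):
            findings.append((section, "Run entry from user-writable path", line))
        elif section == "O7" and re.search(r"disable\w+=1", low):
            findings.append((section, "policy disables an admin tool", line))
        elif section == "O17" and "nameserver" in low:
            servers = [s.strip() for s in low.split("nameserver", 1)[1].strip(" =").split(",")]
            public = [s for s in servers if not ipaddress.ip_address(s).is_private]
            if public:
                findings.append((section, "non-private DNS servers: " + ",".join(public), line))
        elif section == "O20" and "appinit_dlls:" in low and low.split(":", 1)[1].strip():
            findings.append((section, "AppInit_DLLs set", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

ISP resolvers are legitimately non-private, so the O17 result is a review flag, not a verdict; compare it against the DNS servers the network is supposed to use.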

Re: please help - Antivirus Live/Antivirus System Pro
Please download the Kaspersky AVP Tool from Kaspersky-labs.com.
  • Save it to your desktop.
  • Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    • System Memory
    • Startup Objects
    • Disk Boot Sectors.
    • My Computer.
    • Also any other drives (Removable that you may have)

After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again and you are back at the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file named Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus/malware entries from the report (they will be at the very top under Detected) in your next reply.
Note: This tool will self-uninstall when you close it, so please save the log before closing it.

Re: please help - Antivirus Live/Antivirus System Pro

I got the Kaspersky tool on the desktop, but my computer won't run in Safe Mode. When I choose to, I get a blue screen that says a problem has been detected and Windows has been shut down to protect my computer.

Re: please help - Antivirus Live/Antivirus System Pro

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.

Set it to Maximum.

IMPORTANT! Then please click Customize, choose the Driver / Ports tab and uncheck Scan Ports.

Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

Re: please help - Antivirus Live/Antivirus System Pro

Here is the URL of the report. Also, when I turned on my computer, Anti-virus Pro or whatever was gone and I was able to run programs for some reason. My desktop was still changed, though, and I was getting some bad pop-ups.

http://www.getsysteminfo.com/read.php?file=dc8c70b4e5b3019410cc4f7116951c40
