WiredWX Christian Hobby Weather Tools

 


Cannot Completely Remove Antispyware Soft
I received the rogue a few days ago. I used Malwarebytes' Anti-Malware to remove it with a quick scan and then followed with a full scan showing no threats. Avast did not detect it with a full scan. I thought the program had been removed but it returned today, so I repeated the Malwarebytes' scan. The program returned after I restarted the PC so I ran Malwarebytes' once again. It seems to be gone now, but it may return. How would I remove the threat permanently? If you have experience with the full Malwarebytes', would you recommend it? Avast seems to catch everything except Antispyware Soft.

Re: Cannot Completely Remove Antispyware Soft
Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see this topic.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Cannot Completely Remove Antispyware Soft
Here is the ComboFix log:

ComboFix 10-05-16.02 - Alex 05/17/2010 16:22:27.1.2 - x86
Microsoft®️ Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.747 [GMT -4:00]
Running from: c:\users\Alex\Downloads\Programs\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AbaleZip.dll
c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))
.

2010-05-17 20:33 . 2010-05-17 20:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-05-17 20:33 . 2010-05-17 20:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-17 03:40 . 2010-05-06 14:36 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-17 03:26 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-05-17 03:26 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-05-17 03:26 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-05-17 03:26 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-05-17 03:25 . 2009-08-06 23:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-05-17 03:25 . 2009-08-06 22:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-05-17 03:22 . 2010-05-17 03:22 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-17 01:47 . 2010-05-17 02:17 -------- d-----w- c:\users\Alex\AppData\Local\aesentjoe
2010-05-17 01:25 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-17 01:25 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-17 00:57 . 2010-05-17 01:30 -------- d-----w- c:\users\Alex\AppData\Local\ipypnerdr
2010-05-15 14:45 . 2007-10-23 13:27 110592 ----a-w- c:\users\Alex\AppData\Roaming\U3\temp\cleanup.exe
2010-05-15 13:49 . 2010-05-15 14:45 -------- d-----w- c:\users\Alex\AppData\Roaming\U3
2010-05-13 19:10 . 2010-05-13 19:10 -------- d-----w- c:\users\Guest\AppData\Roaming\Logitech
2010-05-11 03:32 . 2010-05-11 03:33 -------- d-----w- c:\program files\Ultra Video Splitter
2010-05-11 03:13 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-11 03:13 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-11 03:13 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-11 03:13 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-11 03:09 . 2010-05-11 00:38 -------- d-----w- C:\found.000
2010-05-11 02:38 . 2010-05-06 20:59 38848 ------w- c:\windows\system32\avastSS.scr
2010-05-11 02:38 . 2010-05-06 20:59 165032 ------w- c:\windows\system32\aswBoot.exe
2010-05-11 02:30 . 2010-05-11 03:12 -------- d-----w- c:\programdata\Alwil Software
2010-05-10 23:25 . 2010-05-10 23:25 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes
2010-05-10 20:03 . 2010-05-10 20:03 -------- d-----w- c:\programdata\Malwarebytes
2010-05-10 20:03 . 2010-05-17 01:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-10 19:45 . 2010-05-10 19:45 -------- d-----w- c:\users\Alex\AppData\Roaming\Any Video Converter Professional
2010-05-10 19:45 . 2010-05-10 19:46 -------- d-----w- c:\program files\Any Video Converter Professional
2010-05-10 19:44 . 2010-05-10 23:36 -------- d-----w- c:\users\Alex\AppData\Local\ghymkywhd
2010-05-09 21:09 . 2010-05-09 21:10 -------- d-----w- c:\program files\Ultra Video Joiner
2010-05-09 21:07 . 2007-04-12 18:19 129024 ----a-w- c:\windows\system32\AVERM.dll
2010-05-09 21:07 . 2006-09-26 17:57 28672 ----a-w- c:\windows\system32\AVEQT.dll
2010-05-09 19:01 . 2010-05-11 00:03 -------- d-----w- c:\program files\Free Video Cutter
2010-05-09 18:09 . 2009-02-13 02:38 1622016 ----a-w- c:\windows\system32\MediaInfo.dll
2010-05-09 18:09 . 2009-02-12 22:50 22016 ----a-w- c:\windows\system32\MediaInfoActiveX.dll
2010-05-09 18:01 . 2010-05-09 19:11 -------- d-----w- c:\program files\Freesky Video Splitter
2010-05-09 16:46 . 2010-05-09 19:11 -------- d-----w- c:\program files\Easy Video Splitter
2010-05-09 06:13 . 2010-05-09 18:35 -------- d-----w- c:\program files\Solveig Multimedia
2010-05-09 05:46 . 2010-05-09 05:47 -------- d-----w- c:\program files\Microsoft Expression
2010-05-09 05:16 . 2010-05-09 05:16 -------- d-----w- c:\users\Alex\AppData\Local\Sony
2010-05-09 05:16 . 2010-05-09 05:16 -------- d-----w- c:\users\Alex\AppData\Roaming\Sony
2010-05-09 04:09 . 2010-05-09 11:50 -------- d-----w- c:\users\Alex\AppData\Roaming\avidemux
2010-05-08 19:58 . 2010-05-09 18:06 -------- d-----w- c:\program files\Free Video Joiner
2010-05-08 19:48 . 2010-05-08 19:48 -------- d-----w- c:\users\Alex\AppData\Roaming\FFSJ
2010-05-08 17:03 . 2010-05-08 19:57 -------- d-----w- c:\program files\Peretek
2010-04-23 21:07 . 2010-04-23 21:08 -------- d-----w- c:\users\Alex\AppData\Roaming\acccore
2010-04-23 21:07 . 2010-04-23 21:12 -------- d-----w- c:\users\Alex\AppData\Local\AIM
2010-04-23 21:07 . 2010-04-23 21:07 -------- d-----w- c:\users\Alex\AppData\Local\AOL
2010-04-23 21:07 . 2010-04-23 21:07 -------- d-----w- c:\programdata\AIM
2010-04-23 21:07 . 2010-04-23 21:07 -------- d-----w- c:\program files\AIM
2010-04-23 21:07 . 2010-04-23 21:07 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-04-23 21:07 . 2010-04-23 21:07 -------- d-----w- c:\program files\Common Files\AOL
2010-04-21 23:52 . 2010-05-09 19:11 -------- d-----w- c:\program files\Ask.com
2010-04-21 23:52 . 2010-04-22 00:00 -------- d-----w- c:\users\Alex\AppData\Roaming\Trillian
2010-04-21 23:51 . 2010-04-22 00:04 -------- d-----w- c:\program files\Trillian

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 03:23 . 2008-09-06 21:30 74752 ----a-w- c:\users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-17 02:20 . 2010-04-11 05:20 -------- d-----w- c:\program files\WinUtilities
2010-05-17 01:32 . 2008-09-09 23:15 1356 ----a-w- c:\users\Alex\AppData\Local\d3d9caps.dat
2010-05-15 14:45 . 2008-09-06 22:20 -------- d-----w- c:\program files\Opera
2010-05-12 21:45 . 2008-09-06 22:45 -------- d-----w- c:\program files\Google
2010-05-11 02:55 . 2008-09-06 23:18 -------- d-----w- c:\program files\Alwil Software
2010-05-11 00:03 . 2010-04-12 17:36 -------- d-----w- c:\programdata\PMB Files
2010-05-11 00:03 . 2009-06-26 13:07 -------- d-----w- c:\users\Alex\AppData\Roaming\uTorrent
2010-05-09 05:20 . 2009-12-15 12:42 -------- d-----w- c:\program files\Sony
2010-05-06 20:34 . 2008-09-06 23:18 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-06 00:23 . 2009-09-03 19:49 1 ----a-w- c:\users\Alex\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-02 14:21 . 2009-06-26 13:30 -------- d-----w- c:\program files\uTorrent
2010-04-18 02:45 . 2010-04-02 01:41 214816 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-18 02:44 . 2010-04-02 01:55 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-15 03:47 . 2008-02-27 07:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-15 03:34 . 2010-04-15 03:34 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-04-13 14:44 . 2010-04-13 14:44 -------- d-----w- c:\program files\Photobie
2010-04-13 14:40 . 2010-04-12 01:58 -------- d-----w- c:\program files\GIMP-2.0
2010-04-12 19:21 . 2010-04-12 17:52 -------- d-----w- c:\program files\Nexon
2010-04-12 17:36 . 2010-04-12 17:36 -------- d-----w- c:\program files\Pando Networks
2010-04-12 15:50 . 2010-04-02 01:27 139152 ----a-w- c:\users\Alex\AppData\Roaming\PnkBstrK.sys
2010-04-12 15:50 . 2010-04-02 01:27 139152 ----a-w- c:\users\Alex\AppData\Roaming\PnkBstrK.sys
2010-04-12 02:43 . 2010-04-12 02:08 -------- d-----w- c:\users\Alex\AppData\Roaming\gtk-2.0
2010-04-12 02:18 . 2010-04-12 02:18 -------- d-----w- c:\users\Alex\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-04-12 00:20 . 2010-04-12 00:17 -------- d-----w- c:\users\Alex\AppData\Roaming\Logitech
2010-04-12 00:19 . 2010-04-12 00:19 53248 ----a-r- c:\users\Alex\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-04-12 00:19 . 2010-04-12 00:19 -------- d-----w- c:\users\Alex\AppData\Roaming\Leadertech
2010-04-12 00:19 . 2010-04-12 00:17 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-04-12 00:19 . 2010-04-12 00:18 -------- d-----w- c:\programdata\Logishrd
2010-04-12 00:19 . 2010-04-12 00:19 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-04-12 00:18 . 2010-04-12 00:18 -------- d-----w- c:\program files\Logitech
2010-04-12 00:18 . 2010-04-12 00:17 -------- d-----w- c:\users\Alex\AppData\Roaming\Logishrd
2010-04-11 02:55 . 2010-04-11 02:20 -------- d-----w- c:\users\Alex\AppData\Roaming\TeamViewer
2010-04-11 02:39 . 2010-04-11 02:39 -------- d-----w- c:\program files\QS
2010-04-03 15:58 . 2010-04-03 15:58 307673 ----a-w- c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ToggleHiddenFiles.exe
2010-04-03 15:04 . 2010-04-03 15:04 -------- d-----w- c:\users\Alex\AppData\Roaming\AnvSoft
2010-04-03 15:03 . 2010-04-03 15:03 -------- d-----w- c:\program files\AnvSoft
2010-04-02 01:41 . 2010-04-02 01:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-02 01:25 . 2010-04-02 01:25 794408 ----a-w- c:\windows\system32\pbsvc[1].exe
2010-04-02 00:06 . 2010-04-02 00:06 -------- d-----w- c:\programdata\id Software
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-08 21:40 1362320 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-12 2937528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"pdfFactory Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-12-11 614400]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-12-15 385024]

c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ToggleHiddenFiles.exe [2010-4-3 307673]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-09 00:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-12-06 21:13 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 doxwad;doxwad;c:\windows\System32\drivers\ieeroq.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-31 3534776]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-06 03:39]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 02:24]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
Trusted Zone: quakelive.com\www
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-17 16:33
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-17 16:38:24
ComboFix-quarantined-files.txt 2010-05-17 20:38

Pre-Run: 90,295,222,272 bytes free
Post-Run: 90,401,415,168 bytes free

- - End Of File - - 7E4DE21797F8C6EC0972FB4CF1097A1A

Re: Cannot Completely Remove Antispyware Soft
Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.

Re: Cannot Completely Remove Antispyware Soft
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

5/19/2010 2:46:06 PM
mbam-log-2010-05-19 (14-46-06).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 327551
Time elapsed: 1 hour(s), 23 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Nothing, maybe I wasn't so thorough before.

Re: Cannot Completely Remove Antispyware Soft
Hi

Download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
Alternate link: http://ottools.noahdfear.net/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
