WiredWX Hobby Weather Tools

AV security suite- thought i'd removed it but its not totally gone - Page 2

2 posters

Re: AV security suite- thought i'd removed it but its not totally gone
OMG, I'm going to shoot my PC.

This is so not fair, why won't it let me post!!!

Re: AV security suite- thought i'd removed it but its not totally gone
Hello.
Can you attach the logs instead?

Re: AV security suite- thought i'd removed it but its not totally gone
I tried that. It still gave me the same 'connection has been reset' page.

Re: AV security suite- thought i'd removed it but its not totally gone
Please make sure there is no proxy set.

Remove the proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" (or reconfigure the proxy server again in case you have set it previously).

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy"
  2. Click the Apply button and restart the computer in normal mode.


Try it now.
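The GUI steps above cover the manual-proxy checkbox in each browser. As an added example (my code, not part of either poster's instructions), here is a Python audit that reads the same settings from where they live on disk: Firefox's prefs.js in the profile folder, and a `reg export` of IE's per-user Internet Settings key. Both sample inputs are constructed with hypothetical values; they are not taken from this thread. The audit also reports the automatic-configuration (PAC) script URL, which is a separate setting from "Use a proxy server": in the constructed .reg sample ProxyEnable is 0, so LAN Settings shows no proxy ticked, while AutoConfigURL still points every request at a local PAC script.

```python
import re
from typing import Dict, List

# Constructed sample of a Firefox prefs.js with a manual proxy left behind.
# Hypothetical values: this is not the prefs.js from the thread.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.aol.com");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 5555);
user_pref("network.proxy.share_proxy_settings", true);
'''

# Constructed sample of `reg export` output for IE's per-user proxy key.
# ProxyEnable is 0, so the LAN Settings checkbox is clear, but a PAC URL is set.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"ProxyServer"="http=127.0.0.1:5555"
"AutoConfigURL"="http://127.0.0.1:5555/proxy.pac"
'''

_PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);$')
_REG_VALUE_RE = re.compile(r'^"([^"]+)"=(dword:[0-9A-Fa-f]{8}|"(?:[^"\\]|\\.)*")$')


def parse_prefs_js(text: str) -> Dict[str, object]:
    """Return user_pref() entries as a dict; strings, bools and ints are decoded."""
    prefs: Dict[str, object] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line.strip())
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw
    return prefs


def parse_reg_export(text: str, key_suffix: str) -> Dict[str, object]:
    """Return the values of the key in a .reg export whose path ends with key_suffix."""
    values: Dict[str, object] = {}
    in_key = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower().endswith(key_suffix.lower())
            continue
        m = _REG_VALUE_RE.match(line) if in_key else None
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith("dword:"):
            values[name] = int(raw[6:], 16)
        else:
            values[name] = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return values


# Firefox: network.proxy.type 0 = none, 1 = manual, 2 = PAC, 4 = auto-detect (WPAD), 5 = system.
def firefox_proxy_findings(prefs: Dict[str, object]) -> List[str]:
    ptype = prefs.get("network.proxy.type")
    findings: List[str] = []
    if ptype == 1 and prefs.get("network.proxy.http"):
        findings.append(f"Firefox manual proxy: {prefs['network.proxy.http']}:{prefs.get('network.proxy.http_port')}")
    elif ptype == 2:
        findings.append(f"Firefox PAC script: {prefs.get('network.proxy.autoconfig_url', '(unset)')}")
    elif ptype == 4:
        findings.append("Firefox auto-detect proxy (WPAD) enabled")
    return findings


def ie_proxy_findings(values: Dict[str, object]) -> List[str]:
    findings: List[str] = []
    if values.get("ProxyEnable") == 1 and values.get("ProxyServer"):
        findings.append(f"IE manual proxy enabled: {values['ProxyServer']}")
    # The PAC URL is checked independently of ProxyEnable: it is a separate setting.
    if values.get("AutoConfigURL"):
        findings.append(f"IE automatic configuration script: {values['AutoConfigURL']}")
    return findings


def audit(prefs_js_text: str, reg_export_text: str) -> List[str]:
    prefs = parse_prefs_js(prefs_js_text)
    ie = parse_reg_export(reg_export_text, r"\Internet Settings")
    return firefox_proxy_findings(prefs) + ie_proxy_findings(ie)


if __name__ == "__main__":
    # On a real box: reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" ie.reg
    # writes UTF-16; open that file with encoding="utf-16" before passing its text in.
    for finding in audit(SAMPLE_PREFS_JS, SAMPLE_REG_EXPORT):
        print(finding)
```

On the constructed inputs the audit reports the Firefox manual proxy and the IE PAC script, and nothing for IE's manual proxy, which is exactly the case the LAN Settings checkbox alone would miss.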

Re: AV security suite- thought i'd removed it but its not totally gone
I already did that, as it was in the original instructions I found. Double-checked them: no proxy on either browser, and I still can't attach or post logs.

Re: AV security suite- thought i'd removed it but its not totally gone
Hello.

  • Download ComboFix from here:
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools -> Options -> Main tab
    * Set to "Always ask me where to save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [screenshot: CF_download_FF]

    [screenshot: CF_download_rename]

    3. It is important you rename ComboFix during the download, but not after.
    4. Please do not rename ComboFix to other names, only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (anti-virus) before running ComboFix.
  • See HERE for how to disable your AV.
  • Double-click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.

    [screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

    [screenshot: Cf510]

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Re: AV security suite- thought i'd removed it but its not totally gone
Those are some pretty complex instructions! I'm really afraid I'm going to mess it up if I try that. Since the initial infection on the 23rd and the subsequent attempted removal, the symptoms are much better. Firefox is now catching a bunch of attempted redirects (not all) as well as some popups (also not all), and my AVG Free virus software has caught several attempts and blocked them. I'm still getting that stupid Just-In-Time Debugger thing, but I'm petrified to try all of that.

Re: AV security suite- thought i'd removed it but its not totally gone
Hello.
I think there may be a rootkit involved, so please attempt ComboFix.

Re: AV security suite- thought i'd removed it but its not totally gone
OK, I followed the instructions... here's the log.

ComboFix 10-07-03.06 - Joe 07/04/2010 19:10:15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1541 [GMT -4:00]
Running from: c:\documents and settings\Joe\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Local Settings\Application Data\ibncobaex
c:\documents and settings\NetworkService\Local Settings\Application Data\ibncobaex\luhmmemtssd.exe
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-06-04 to 2010-07-04 )))))))))))))))))))))))))))))))
.

2010-07-04 05:34 . 2010-07-04 05:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-25 03:37 . 2010-06-25 03:37 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-06-24 22:59 . 2010-06-24 22:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Promosoft Corporation
2010-06-24 19:50 . 2010-06-24 19:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-24 15:51 . 2010-06-26 16:10 -------- d-----w- c:\documents and settings\Joe\Local Settings\Application Data\Promosoft Corporation
2010-06-24 15:34 . 2010-06-24 15:34 -------- d-----w- c:\documents and settings\Joe\Application Data\Malwarebytes
2010-06-24 15:34 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-24 15:34 . 2010-06-24 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-24 15:34 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-24 04:10 . 2010-06-24 04:10 -------- d-----w- c:\documents and settings\Joe\Local Settings\Application Data\Threat Expert
2010-06-24 03:55 . 2010-06-24 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-24 03:11 . 2010-06-24 03:11 388096 ----a-r- c:\documents and settings\Joe\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-24 02:46 . 2010-06-24 02:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-06-24 02:32 . 2010-06-24 18:10 -------- d-----w- c:\documents and settings\Joe\Local Settings\Application Data\irxllydhq
2010-06-11 06:42 . 2010-06-11 06:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-11 06:42 . 2010-06-11 06:42 -------- d-----w- c:\windows\system32\drivers\NSS
2010-06-11 06:42 . 2010-06-11 06:42 -------- d-----w- c:\program files\Norton Security Scan
2010-06-11 06:42 . 2010-06-11 06:42 -------- d-----w- c:\program files\NortonInstaller
2010-06-11 06:42 . 2010-06-11 06:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-11 03:43 . 2010-06-11 03:43 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-11 03:43 . 2010-06-11 03:43 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-11 03:43 . 2010-06-11 03:43 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-11 03:43 . 2010-06-11 03:43 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-11 03:43 . 2010-06-11 03:43 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-11 03:42 . 2010-06-11 03:42 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-11 03:42 . 2010-06-11 03:42 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-11 03:42 . 2010-06-11 03:42 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-04 04:33 . 2010-04-13 03:30 -------- d-----w- c:\documents and settings\Joe\Application Data\vlc
2010-07-03 20:11 . 2004-05-16 14:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-29 23:47 . 2009-08-17 01:55 -------- d-----w- c:\documents and settings\Joe\Application Data\uTorrent
2010-06-26 16:10 . 2010-04-20 03:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-24 02:39 . 2010-06-24 02:39 1152444 ----a-w- c:\windows\is-F9O56.tmp
2010-06-11 06:42 . 2004-05-16 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-11 03:43 . 2010-05-19 03:14 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-11 03:43 . 2010-05-19 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-11 03:43 . 2009-08-20 23:30 -------- d-----w- c:\program files\DivX
2010-06-11 03:43 . 2009-08-20 23:30 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-11 03:42 . 2010-05-19 03:13 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-11 03:42 . 2010-05-19 03:13 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-04 02:04 . 2009-08-12 09:02 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-04 02:04 . 2009-08-12 09:02 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-28 18:09 . 2010-05-28 18:09 61440 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-79285046-n\decora-sse.dll
2010-05-28 18:09 . 2010-05-28 18:09 503808 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-541e97d9-n\msvcp71.dll
2010-05-28 18:09 . 2010-05-28 18:09 499712 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-541e97d9-n\jmc.dll
2010-05-28 18:09 . 2010-05-28 18:09 348160 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-541e97d9-n\msvcr71.dll
2010-05-28 18:09 . 2010-05-28 18:09 12800 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-79285046-n\decora-d3d.dll
2010-05-19 03:14 . 2009-08-20 23:31 -------- d-----w- c:\documents and settings\Joe\Application Data\DivX
2010-05-19 03:12 . 2010-05-19 03:12 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-19 03:12 . 2010-05-19 03:12 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-19 03:12 . 2010-05-19 03:12 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-19 03:12 . 2010-05-19 03:12 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-19 03:12 . 2010-05-19 03:12 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-19 03:12 . 2010-05-19 03:12 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-19 03:12 . 2010-05-19 03:12 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-19 03:12 . 2010-05-19 03:12 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-19 03:12 . 2010-05-19 03:12 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-19 03:12 . 2010-05-19 03:12 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-02 05:22 . 2002-08-29 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-25 02:15 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Joe\Application Data\Move Networks\plugins\npqmp071701000002.dll
2010-04-25 02:15 . 2009-09-28 06:08 143976 ----a-w- c:\documents and settings\Joe\Application Data\Move Networks\uninstall.exe
2010-04-25 02:15 . 2010-04-25 02:15 1794456 ----a-w- c:\documents and settings\Joe\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
2010-04-20 05:30 . 2002-08-29 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-06 02:40 . 2010-01-13 00:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-06 02:33 . 2010-04-06 02:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-06 02:33 . 2009-08-12 09:02 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALiRaid"="c:\program files\ALIRAID\ALiRaid.exe" [2004-01-09 401408]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-23 335872]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"CMCService"="c:\program files\ATI\Catalyst Media Center\CMCService.exe" [2008-06-06 172032]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-04 2065248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-06 02:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-10-06 22:57 24576 ----a-w- c:\windows\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-07-02 17:03 57344 ----a-w- c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG9.0]
2007-04-19 21:00 125792 ----a-w- c:\progra~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- g:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Color Inkjet CP1700\\ToolBox\\HPWATBX.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"g:\\Program Files\\BrightShadow\\BrightShadow.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58513:TCP"= 58513:TCP:Pando Media Booster
"58513:UDP"= 58513:UDP:Pando Media Booster

R0 m5228;m5228;c:\windows\system32\drivers\m5228.sys [5/15/2004 1:41 PM 44925]
R0 m5281;m5281;c:\windows\system32\drivers\m5281.sys [5/15/2004 1:41 PM 49357]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/12/2009 5:02 AM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/12/2009 5:02 AM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/5/2010 10:33 PM 308064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/12/2009 4:54 AM 24652]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
S3 GSSUSB;Gilat SkyBlaster USB Adapter;c:\windows\system32\drivers\gssNic.sys [5/16/2004 7:05 AM 161681]
S3 iteio;iteio;c:\windows\system32\drivers\ITEIO.SYS [5/16/2004 12:32 PM 3680]
S3 itsernum;itsernum Filter 驅動程式;c:\windows\system32\drivers\itsernum.sys [5/16/2004 12:32 PM 20133]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 Winacusb;Winacusb;c:\windows\system32\drivers\winacusb.sys [5/16/2004 12:28 PM 933818]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/23/2009 2:47 AM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-07-04 c:\windows\Tasks\Norton Security Scan for Joe.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-11 13:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://register.starband.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
TCP: {9F8EFC6E-3039-435B-AFDE-7D7F17129B90} = 24.25.5.148,24.25.5.147
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} - file://e:\content\include\XPPatchInstaller.CAB
FF - ProfilePath - c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\2vmklbu7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - plugin: c:\documents and settings\Joe\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\Joe\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-ccRegVfy - (no file)
HKLM-Run-GhostStartTrayApp - (no file)
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
MSConfigStartUp-ISTray - g:\program files\Spyware Doctor\pctsTray.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-04 19:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-484763869-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:20,b9,63,b3,ab,e6,90,89,62,95,91,18,85,6f,9d,81,d4,f2,28,d6,4e,
b3,83,27,13,47,e4,15,aa,4d,c8,cc,1c,dc,2e,13,6b,5d,a4,0a,de,6e,07,3d,de,7b,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-04 19:17:38
ComboFix-quarantined-files.txt 2010-07-04 23:17

Pre-Run: 7,306,883,072 bytes free
Post-Run: 7,546,302,464 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
g:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

Current=1 Default=1 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 6C9C1D030123FA6277ACAADE899EC5BD

Re: AV security suite- thought i'd removed it but its not totally gone
Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quote box below into it:

    Code:

    KILLALL::

    Folder::
    c:\documents and settings\Joe\Local Settings\Application Data\irxllydhq

    Driver::
    ASKUpgrade

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [screenshot: Cfscriptb4i]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
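The CFScript above picks two items out of a long log: a folder with a random-looking name under Local Settings\Application Data (the same pattern as the ibncobaex folder ComboFix already deleted under the NetworkService profile), and a service entry whose binary is gone. As an added example (my code, not the helper's and not part of ComboFix), here is a Python triage that applies those two checks to ComboFix-format lines and emits a candidate script in the same KILLALL::/Folder::/Driver:: layout. The sample log is a constructed excerpt of six lines copied from the log posted above. Two assumptions are mine: that ComboFix's `path --> path [?]` notation in the service list means the file was not found, and that an 8+ letter all-lower-case folder name is a useful "random name" heuristic. Note the caveat it illustrates: the heuristic also flags SetupNTGLM7X, whose driver lives on an absent e: drive (probably install media, but that is a guess) and which the helper deliberately left alone, so the output is a list for a human to review, not a script to run blind.

```python
import re
from typing import Dict, List

# Constructed sample in ComboFix's report format. The six lines are copied from the
# log posted above so the script runs offline; a real run would read C:\ComboFix.txt.
SAMPLE_LOG = r'''
2010-06-24 02:32 . 2010-06-24 18:10 -------- d-----w- c:\documents and settings\Joe\Local Settings\Application Data\irxllydhq
2010-06-24 15:34 . 2010-06-24 15:34 -------- d-----w- c:\documents and settings\Joe\Application Data\Malwarebytes
2010-06-24 04:10 . 2010-06-24 04:10 -------- d-----w- c:\documents and settings\Joe\Local Settings\Application Data\Threat Expert
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/5/2010 10:33 PM 308064]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
'''

# "created . modified size attrs path" lines from the Files Created / Find3M sections.
_FILE_LINE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(\S+)\s+(\S{8})\s+(.+)$')
# "R2 name;display;path [...]" service/driver lines (R = running, S = stopped).
_SERVICE_LINE_RE = re.compile(r'^([RS])(\d)\s+([^;]+);([^;]*);(.*)$')
# Heuristic (assumption): vendors name their folders after themselves (mixed case,
# spaces); an 8+ letter all-lower-case token is the pattern the rogue AV used here.
_RANDOM_NAME_RE = re.compile(r'^[a-z]{8,}$')
_APPDATA_SUFFIX = r'local settings\application data'


def find_random_appdata_dirs(log: str) -> List[str]:
    hits: List[str] = []
    for line in log.splitlines():
        m = _FILE_LINE_RE.match(line.strip())
        if not m:
            continue
        attrs, path = m.group(2), m.group(3)
        if not attrs.startswith('d'):        # directories only
            continue
        parent, _, name = path.rpartition('\\')
        if parent.lower().endswith(_APPDATA_SUFFIX) and _RANDOM_NAME_RE.match(name):
            hits.append(path)
    return hits


def find_services_with_missing_binary(log: str) -> List[Dict[str, str]]:
    """Service entries whose image path ComboFix could not find.
    Assumption: the 'path --> path [?]' notation marks a missing file."""
    hits: List[Dict[str, str]] = []
    for line in log.splitlines():
        m = _SERVICE_LINE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, _display, rest = m.groups()
        if ' --> ' in rest and rest.rstrip().endswith('[?]'):
            hits.append({'name': name, 'path': rest.split(' --> ', 1)[0], 'type': state + start})
    return hits


def build_cfscript(folders: List[str], drivers: List[str]) -> str:
    """Emit the directive layout used in this thread: KILLALL::, Folder::, Driver::."""
    parts = ['KILLALL::']
    if folders:
        parts += ['', 'Folder::'] + folders
    if drivers:
        parts += ['', 'Driver::'] + drivers
    return '\n'.join(parts) + '\n'


def triage(log: str) -> str:
    folders = find_random_appdata_dirs(log)
    drivers = [s['name'] for s in find_services_with_missing_binary(log)]
    return build_cfscript(folders, drivers)


if __name__ == '__main__':
    print(triage(SAMPLE_LOG))
```

On the sample it emits the irxllydhq folder and both ASKUpgrade and SetupNTGLM7X; compare that with the helper's script, which only names ASKUpgrade, before deciding what actually goes into CFScript.txt.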

Re: AV security suite- thought i'd removed it but its not totally gone
Question: I am to copy

KILLALL::

Folder::
c:\documents and settings\Joe\Local Settings\Application Data\irxllydhq

Driver::
ASKUpgrade

but not the "Code:" at the top, yes?

And between steps 5 and 6 I don't run ComboFix, just drag and drop?

Re: AV security suite- thought i'd removed it but its not totally gone
Yes.
