WiredWX Christian Hobby Weather Tools

windows antivirus pro & home antivirus 2010 REMOVAL
My computer has been infected with 2 viruses. I tried to do my best but it did not work. I stopped the pop-ups and tried to run Malwarebytes Anti-Malware but it does not work. I think that the viruses are blocking it. I uninstalled it many times and reinstalled it again and again, but Malwarebytes Anti-Malware does not work. I downloaded an antivirus called ESET NOD32 and it is scanning my computer now; I do not know if this will work. PLEASE I NEED HELP!!!!!!!

Re: windows antivirus pro & home antivirus 2010 REMOVAL
Hello rocio25,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP
  • If you have any cracked/pirated software on your computer, delete it or we will not help you.
  • Only follow advice from Geek Police Staff and not a regular member.
  • Do NOT run any tool without Geek Police supervision as it could render your system useless.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate


Re: windows antivirus pro & home antivirus 2010 REMOVAL
I tried to run HijackThis and in the middle of the scan process it just disappeared from the screen. I do not know if it finished the scan and made the report. What should I do now?

Re: windows antivirus pro & home antivirus 2010 REMOVAL
Also, when I tried to open the HijackThis file again I got a message: "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."

Re: windows antivirus pro & home antivirus 2010 REMOVAL

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: windows antivirus pro & home antivirus 2010 REMOVAL
I followed your instructions and here is the report. The report is so big that I have to send it in two parts.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Rocio at 8:57:06.37 on Tue 08/04/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2430 [GMT -4:00]

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Onyx\AutoUpdate\OnxUpdtService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\GAROStatusMonitor\cnwida.exe
C:\Program Files\Software602\Print2PDF\PrnPack.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Pitney Bowes\mailstation 2\mailstationAssistant.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\braviax.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
C:\DOCUME~1\Rocio\LOCALS~1\Temp\JobMonitor\JobMonitor.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Documents and Settings\Rocio\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [EFI Job Monitor] c:\windows\system32\rundll32.exe c:\windows\system32\spool\drivers\w32x86\3\efjm.dll,run
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDUiP6700DMon] c:\program files\canon\memory card utility\ip6700d\PDUiP6700DMon.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CnwiDeviceAgent] c:\program files\canon\garostatusmonitor\cnwida.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [PrintPack dispatcher] "c:\program files\software602\print2pdf\PrnPack.exe" /server
mRun: [Mailstation Assistant] c:\program files\pitney bowes\mailstation 2\mailstationAssistant minimize
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [braviax] braviax.exe
mRun: [AHNSD] "c:\program files\ahnlab\smart update utility\AhnSD.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Home Antivirus 2010] "c:\program files\homeantivirus2010\HomeAntivirus2010.exe" /hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\garost~1.lnk - c:\program files\canon\garostatusmonitor\cnwism.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logoca~1.lnk - c:\program files\gretagmacbeth\i1\eye-one match 3\calibrationloader\CalibrationLoader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\okilpr~1.lnk - c:\program files\okidata\oki lpr utility\okilpr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\profil~1.lnk - c:\program files\gretagmacbeth\i1\eye-one match 3\ProfileReminder.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - {E4ABF418-CB30-470C-BFF7-674AC0FC564F} - c:\program files\software602\print2pdf\Print602.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: yahoo.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227885096328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} - hxxp://program.webhard.co.kr/Plus/active_upload2/DacomUpload.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://colormanagement.webex.com/client/T26L/nbr/ieatgpc.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

Re: windows antivirus pro & home antivirus 2010 REMOVAL
The second part of the report is:

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R2 AhnLab Task Scheduler;AhnLab Task Scheduler;c:\program files\ahnlab\smart update utility\AhnSDsv.exe [2009-8-1 169664]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-5-14 731840]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 OnyxUpdaterService;Onyx Updater;c:\onyx\autoupdate\OnxUpdtService.exe [2007-8-24 33280]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2008-4-11 14416]
S2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2008-2-18 214888]
S2 Par1284;Par1284;c:\program files\flexisign-pro 7.0v2\program\Par1284.sys [2007-8-9 53344]
S3 DM150Drv;DM150Drv;c:\windows\system32\drivers\DM150Drv.sys [2008-11-7 20600]
S3 EyeOneDp;EyeOneDp;c:\windows\system32\drivers\EyeOneDp.sys [2003-2-17 44344]
S3 i1;eye-one;c:\windows\system32\drivers\i1.sys [2003-1-16 26045]
S3 yeddef;YEDDEF driver;c:\windows\system32\drivers\yeddef.sys --> c:\windows\system32\drivers\yeddef.sys [?]

=============== Created Last 30 ================

2009-08-03 10:50 --d----- c:\program files\HomeAntivirus2010
2009-08-03 10:29 19,978 a------- c:\program files\common files\qimup.exe
2009-08-03 10:29 19,795 a------- c:\program files\common files\oqitivogew.dll
2009-08-03 10:29 18,742 a------- c:\docume~1\alluse~1\applic~1\ytetyfuboz.vbs
2009-08-03 10:29 18,493 a------- c:\docume~1\alluse~1\applic~1\owagewupec.pif
2009-08-03 10:29 18,474 a------- c:\docume~1\alluse~1\applic~1\baweh.pif
2009-08-03 10:29 16,999 a------- c:\docume~1\alluse~1\applic~1\yxolu.dll
2009-08-03 10:29 11,632 a------- c:\docume~1\rocio\applic~1\zyvel.sys
2009-08-03 10:29 10,781 a------- c:\windows\axuxiq.bat
2009-08-03 08:41 18,880 a------- c:\docume~1\alluse~1\applic~1\rotimaje.pif
2009-08-03 08:41 11,073 a------- c:\windows\system32\jyfaxe.ban
2009-08-03 08:41 10,323 a------- c:\windows\nuperyvy.dll
2009-08-03 08:41 19,723 a------- c:\docume~1\rocio\applic~1\ytenuj.dat
2009-08-03 08:41 15,552 a------- c:\windows\cacegyna.dll
2009-08-03 08:41 15,098 a------- c:\windows\sybu.lib
2009-08-03 08:41 14,900 a------- c:\windows\adezenuto.db
2009-08-03 08:41 11,595 a------- c:\docume~1\alluse~1\applic~1\vytyx.bat
2009-08-03 08:41 11,461 a------- c:\windows\system32\azymydo.reg
2009-08-03 08:41 10,086 a------- c:\windows\zawe.dll
2009-08-02 08:58 19,443 a------- c:\windows\system32\jecu.bat
2009-08-02 08:58 18,365 a------- c:\program files\common files\zeba.sys
2009-08-02 08:58 16,241 a------- c:\docume~1\alluse~1\applic~1\nejyfazado.scr
2009-08-02 08:58 16,036 a------- c:\windows\system32\zudi.vbs
2009-08-02 08:58 12,402 a------- c:\windows\rufofukuhi.dll
2009-08-02 08:58 11,570 a------- c:\windows\system32\imowizo.inf
2009-08-02 08:58 11,399 a------- c:\windows\system32\punece.scr
2009-08-02 08:58 11,376 a------- c:\windows\cydule.sys
2009-08-02 08:58 11,199 a------- c:\windows\system32\polybafos._sy
2009-08-02 08:58 10,065 a------- c:\program files\common files\sorylawa.dll
2009-08-01 10:51 --d----- c:\docume~1\rocio\applic~1\ESET
2009-08-01 10:50 --d----- c:\program files\ESET
2009-08-01 10:12 19,839 a------- c:\windows\system32\sudypy.bat
2009-08-01 10:12 19,785 a------- c:\windows\system32\kesuk.ban
2009-08-01 10:12 18,418 a------- c:\windows\ywodi.pif
2009-08-01 10:12 17,126 a------- c:\windows\syguki.pif
2009-08-01 10:12 15,956 a------- c:\windows\jiqowomyki.com
2009-08-01 10:12 15,856 a------- c:\docume~1\rocio\applic~1\bimynano.com
2009-08-01 10:12 14,930 a------- c:\windows\gynupasiq.sys
2009-08-01 10:12 14,032 a------- c:\windows\ecenuqaje.vbs
2009-08-01 10:12 13,653 a------- c:\windows\xironyg.dat
2009-08-01 10:12 11,417 a------- c:\windows\naduvihe.lib
2009-08-01 10:12 10,772 a------- c:\windows\uvibiwe.db
2009-07-31 17:02 4,614 a------- c:\windows\system32\tmp.reg
2009-07-31 16:59 --d----- c:\windows\pss
2009-07-31 14:57 18,471 a------- c:\program files\common files\hodyjez.bin
2009-07-31 14:57 17,317 a------- c:\docume~1\alluse~1\applic~1\umyhytahyh.pif
2009-07-31 14:57 16,088 a------- c:\windows\ikifibydy.reg
2009-07-31 14:57 15,709 a------- c:\program files\common files\enyxiqu.bin
2009-07-31 14:57 15,480 a------- c:\docume~1\alluse~1\applic~1\ulegajevat.vbs
2009-07-31 14:57 15,457 a------- c:\docume~1\rocio\applic~1\pohifawuk.com
2009-07-31 14:57 15,242 a------- c:\windows\ykowuta._dl
2009-07-31 14:57 15,085 a------- c:\windows\iqywepej.pif
2009-07-31 14:57 13,365 a------- c:\windows\rozomanym._dl
2009-07-31 14:57 12,902 a------- c:\docume~1\rocio\applic~1\iviva.sys
2009-07-31 14:57 10,351 a------- c:\program files\common files\abaroqydes.com
2009-07-31 14:57 10,044 a------- c:\windows\izamebys.sys
2009-07-31 14:57 19,878 a------- c:\windows\aqun.sys
2009-07-31 14:57 18,161 a------- c:\program files\common files\fine.pif
2009-07-31 14:57 18,030 a------- c:\windows\ykyqikyhog.reg
2009-07-31 14:57 12,865 a------- c:\windows\system32\ryfemuze.lib
2009-07-31 14:57 12,738 a------- c:\windows\hybymagapa.lib
2009-07-31 14:57 12,262 a------- c:\docume~1\alluse~1\applic~1\pajutolyt.scr
2009-07-31 14:57 10,031 a------- c:\windows\iwivic.lib
2009-07-31 14:46 185,405 a------- c:\windows\system32\wisdstr.exe
2009-07-31 14:43 9 a------- c:\windows\system32\bennuar.old
2009-07-31 14:43 827,392 a------- c:\windows\system32\dddesot.dll
2009-07-31 14:43 176,128 a------- c:\windows\svchast.exe
2009-07-31 14:43 65,536 a------- c:\windows\system32\desot.exe
2009-07-31 14:43 88 a------- c:\windows\system32\sonhelp.htm
2009-07-31 14:43 64 a------- c:\windows\ppp4.dat
2009-07-31 14:43 36 a------- c:\windows\system32\sysnet.dat
2009-07-31 14:43 2 a------- c:\windows\ppp3.dat
2009-07-31 14:41 9,216 a------- c:\windows\braviax.exe
2009-07-31 14:39 24,576 a------- c:\windows\system32\tapi.nfo
2009-07-31 14:39 46 a------- C:\p2hhr.bat
2009-07-31 14:38 69,640 a------- C:\abgcty.exe
2009-07-31 14:38 15,000 a------- c:\windows\system32\ghaf8jkdfd.dll
2009-07-31 14:38 12,288 a------- C:\jeooxqma.exe
2009-07-31 14:38 22,016 a------- C:\cpakfja.exe
2009-07-31 14:38 19,456 a------- C:\njeoahhq.exe
2009-07-31 14:38 10,240 a------- C:\phdtsk.exe
2009-07-22 08:55 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-22 08:55 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-06 11:42 --d----- c:\program files\Trend Micro

==================== Find3M ====================

2009-08-01 10:12 18,848 a------- c:\program files\common files\sogety.inf
2009-07-31 14:57 10,494 a------- c:\program files\common files\umutud.db
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 13:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-18 08:15 964 a------- c:\docume~1\rocio\applic~1\wklnhst.dat
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-06-02 06:12 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-01-02 15:54 21,747,397 a------- c:\program files\sw65demo.exe
2008-04-11 09:36 108 a------- c:\program files\INSTALL.LOG
2008-03-31 10:03 61,224 a------- c:\documents and settings\rocio\GoToAssistDownloadHelper.exe

============= FINISH: 8:57:21.26 ===============

Windows antivirus pro
Good morning,
I am not sure if I am posting in the correct place - my apologies if I did not. I have this windows antivirus pro on my computer - it has frozen everything and I am surprised I could even get my e-mail open. I have downloaded antibytes malware a couple of weeks ago to get rid of windows personal antivirus and it worked but now I cannot open it. I tried downloading HiJack this so I could send you a log but my computer is blocking access. Can you help?

Re: windows antivirus pro & home antivirus 2010 REMOVAL
You posted your problem in the wrong place. You have to open a new account first, then go to the spyware, virus forum, open a new topic and place your problem there.

Re: windows antivirus pro & home antivirus 2010 REMOVAL
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:


    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV. (ESET NOD32)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: windows antivirus pro & home antivirus 2010 REMOVAL
I have done what you told me. I have a report; what do you want me to do with it? Is it all over? The Internet Explorer icon is not working; I have to use Mozilla Firefox.

Re: windows antivirus pro & home antivirus 2010 REMOVAL
Should I install Malwarebytes Anti-Malware and run it? What should I do?

Re: windows antivirus pro & home antivirus 2010 REMOVAL
Post the report here please.


Re: windows antivirus pro & home antivirus 2010 REMOVAL
The report is too big, therefore I have to send it in two parts. Here is the first part:

ComboFix 09-08-04.01 - Rocio 08/04/2009 16:03.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2340 [GMT -4:00]
Running from: c:\documents and settings\Rocio\Desktop\Combo-Fix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\asikuzexit.bat
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\avon.db
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\divano.dl
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\fasogogo.bin
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\oxisu.dll
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\paqypi.exe
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\rirotili.pif
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\teqewep.bin
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\texanemeh.dat
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\ucukyriw.vbs
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\uwip.scr
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\ykyvuzima.scr
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\zexozato.dll
C:\p2hhr.bat
C:\phdtsk.exe
c:\program files\INSTALL.LOG
c:\program files\Microsoft Office\WINWORD.EXE
c:\windows\braviax.exe
c:\windows\Installer\31bf4f.msi
c:\windows\Installer\3a21477.msp
c:\windows\Installer\3a21478.msp
c:\windows\Installer\3a21479.msp
c:\windows\Installer\3a2147a.msp
c:\windows\Installer\3a2147b.msp
c:\windows\Installer\3a2147c.msp
c:\windows\Installer\3a2147d.msp
c:\windows\Installer\3a2147e.msp
c:\windows\Installer\3a2147f.msp
c:\windows\Installer\8c849a6.msp
c:\windows\Installer\8c849a7.msp
c:\windows\Installer\8c849a8.msp
c:\windows\Installer\8c849a9.msp
c:\windows\Installer\8c849aa.msp
c:\windows\Installer\8c849ab.msp
c:\windows\Installer\8c849ac.msp
c:\windows\Installer\8c849ad.msp
c:\windows\Installer\8c849ae.msp
c:\windows\Installer\b9018.msp
c:\windows\Installer\b9020.msp
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\xidbbfyz.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\ghaf8jkdfd.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\WS2Fix.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

Infected copy of c:\windows\system32\netlogon.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\netlogon.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
.

2009-08-04 20:06 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-04 16:03 . 2009-08-04 16:06 626720 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-04 15:14 . 2009-08-04 16:54 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-08-04 14:43 . 2009-08-04 14:43 12212 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\qijur.bin
2009-08-04 14:43 . 2009-08-04 14:43 10093 ----a-w- c:\windows\system32\akeveloh.bin
2009-08-04 14:23 . 2009-08-04 14:23 -------- d-----w- c:\documents and settings\Rocio\Local Settings\Application Data\Mozilla
2009-08-04 14:22 . 2009-08-04 16:54 -------- d-----w- c:\program files\Mozilla Firefox(2)
2009-08-03 14:44 . 2009-08-03 14:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-08-03 14:44 . 2009-08-03 14:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2009-08-03 14:04 . 2007-08-04 04:34 35720 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-03 14:04 . 2007-08-04 04:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\GTek
2009-08-03 14:04 . 2009-08-03 14:43 -------- d-----w- c:\documents and settings\Administrator
2009-08-03 13:29 . 2009-08-03 14:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-03 12:41 . 2009-08-03 12:41 18880 ----a-w- c:\documents and settings\All Users\Application Data\rotimaje.pif
2009-08-03 12:41 . 2009-08-03 12:41 16418 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\lyvohac.reg
2009-08-03 12:41 . 2009-08-03 12:41 10323 ----a-w- c:\windows\nuperyvy.dll
2009-08-03 12:41 . 2009-08-03 12:41 15552 ----a-w- c:\windows\cacegyna.dll
2009-08-03 12:41 . 2009-08-03 12:41 11595 ----a-w- c:\documents and settings\All Users\Application Data\vytyx.bat
2009-08-03 12:41 . 2009-08-03 12:41 11461 ----a-w- c:\windows\system32\azymydo.reg
2009-08-03 12:41 . 2009-08-03 12:41 10086 ----a-w- c:\windows\zawe.dll
2009-08-02 12:58 . 2009-08-02 12:58 19443 ----a-w- c:\windows\system32\jecu.bat
2009-08-02 12:58 . 2009-08-02 12:58 18365 ----a-w- c:\program files\Common Files\zeba.sys
2009-08-02 12:58 . 2009-08-02 12:58 16241 ----a-w- c:\documents and settings\All Users\Application Data\nejyfazado.scr
2009-08-02 12:58 . 2009-08-02 12:58 16036 ----a-w- c:\windows\system32\zudi.vbs
2009-08-02 12:58 . 2009-08-02 12:58 13068 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\pogosinoc.bat
2009-08-02 12:58 . 2009-08-02 12:58 12402 ----a-w- c:\windows\rufofukuhi.dll
2009-08-02 12:58 . 2009-08-02 12:58 11399 ----a-w- c:\windows\system32\punece.scr
2009-08-02 12:58 . 2009-08-02 12:58 11376 ----a-w- c:\windows\cydule.sys
2009-08-02 12:58 . 2009-08-02 12:58 10065 ----a-w- c:\program files\Common Files\sorylawa.dll
2009-08-01 15:54 . 2009-08-01 15:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-08-01 15:27 . 2009-08-01 15:27 -------- d-----w- c:\documents and settings\Rocio\Local Settings\Application Data\ESET
2009-08-01 14:51 . 2009-08-01 14:51 -------- d-----w- c:\documents and settings\Rocio\Application Data\ESET
2009-08-01 14:50 . 2009-08-01 14:50 -------- d-----w- c:\program files\ESET
2009-08-01 14:50 . 2009-08-01 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-08-01 14:12 . 2009-08-01 14:12 19839 ----a-w- c:\windows\system32\sudypy.bat
2009-08-01 14:12 . 2009-08-01 14:12 18418 ----a-w- c:\windows\ywodi.pif
2009-08-01 14:12 . 2009-08-01 14:12 17126 ----a-w- c:\windows\syguki.pif
2009-08-01 14:12 . 2009-08-01 14:12 15956 ----a-w- c:\windows\jiqowomyki.com
2009-08-01 14:12 . 2009-08-01 14:12 15856 ----a-w- c:\documents and settings\Rocio\Application Data\bimynano.com
2009-08-01 14:12 . 2009-08-01 14:12 14930 ----a-w- c:\windows\gynupasiq.sys
2009-08-01 14:12 . 2009-08-01 14:12 14032 ----a-w- c:\windows\ecenuqaje.vbs
2009-08-01 14:12 . 2009-08-01 14:12 13653 ----a-w- c:\windows\xironyg.dat
2009-07-31 18:43 . 2009-07-31 19:06 65536 ----a-w- c:\windows\system32\desot.exe
2009-07-31 18:43 . 2009-07-31 19:06 64 ----a-w- c:\windows\ppp4.dat
2009-07-31 18:43 . 2009-07-31 19:06 2 ----a-w- c:\windows\ppp3.dat
2009-07-31 18:43 . 2009-07-31 19:04 827392 ----a-w- c:\windows\system32\dddesot.dll
2009-07-31 18:43 . 2009-07-31 18:43 36 ----a-w- c:\windows\system32\sysnet.dat
2009-07-31 18:43 . 2009-07-31 18:43 176128 ----a-w- c:\windows\svchast.exe
2009-07-31 18:38 . 2009-07-31 18:38 69640 ----a-w- C:\abgcty.exe
2009-07-31 18:38 . 2009-07-31 18:38 12288 ----a-w- C:\jeooxqma.exe
2009-07-31 18:38 . 2009-07-31 18:38 22016 ----a-w- C:\cpakfja.exe
2009-07-31 18:38 . 2009-07-31 18:38 19456 ----a-w- C:\njeoahhq.exe
2009-07-22 12:55 . 2009-07-22 12:55 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 12:51 . 2009-07-22 12:51 152576 ----a-w- c:\documents and settings\Rocio\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-06 15:42 . 2009-08-03 12:45 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 20:06 . 2004-08-10 16:51 407040 ----a-w- c:\windows\system32\netlogon.dll
2009-08-04 20:00 . 2008-08-31 14:32 -------- d-----w- c:\documents and settings\Rocio\Application Data\skypePM
2009-08-04 19:42 . 2008-08-31 14:29 -------- d-----w- c:\documents and settings\Rocio\Application Data\Skype
2009-08-04 16:06 . 2009-08-04 16:03 8420 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-04 15:18 . 2009-04-16 12:47 -------- d-----w- c:\program files\AhnLab
2009-08-03 14:43 . 2009-06-10 16:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-03 12:41 . 2009-08-03 12:41 19723 ----a-w- c:\documents and settings\Rocio\Application Data\ytenuj.dat
2009-08-01 14:12 . 2009-08-01 14:12 18848 ----a-w- c:\program files\Common Files\sogety.inf
2009-07-22 12:55 . 2007-08-04 04:18 -------- d-----w- c:\program files\Java
2009-07-07 14:32 . 2009-07-01 18:30 -------- d-----w- c:\program files\drv
2009-07-07 13:50 . 2007-08-04 04:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-07 13:33 . 2008-04-11 14:13 -------- d-----w- c:\program files\Norton 360
2009-07-07 13:32 . 2008-04-11 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-03 17:09 . 2004-08-10 16:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 13:06 . 2007-08-09 14:11 685400 ----a-w- c:\documents and settings\Louis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 19:56 . 2009-07-01 19:56 -------- d-----w- c:\documents and settings\Rocio\Application Data\Malwarebytes
2009-07-01 19:56 . 2009-07-01 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-30 14:36 . 2009-05-26 13:05 -------- d-----w- c:\documents and settings\Rocio\Application Data\BitZipper
2009-06-26 18:58 . 2009-06-26 18:58 -------- d-----w- c:\documents and settings\Rocio\Application Data\rfeshmqh
2009-06-22 15:51 . 2009-06-22 15:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\rfeshmqh
2009-06-18 15:05 . 2009-06-18 15:05 -------- d-----w- c:\program files\Art Explosion
2009-06-18 15:05 . 2007-08-04 04:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-18 12:15 . 2007-10-09 14:13 964 ----a-w- c:\documents and settings\Rocio\Application Data\wklnhst.dat
2009-06-16 14:36 . 2004-08-10 16:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 16:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-10 21:20 . 2007-08-04 04:31 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 17:56 . 2008-01-14 17:59 -------- d-----w- c:\program files\Full Tilt Poker
2009-06-10 17:11 . 2007-08-09 15:23 -------- d-----w- c:\program files\Common Files\PDFView
2009-06-10 17:11 . 2009-06-10 17:11 -------- d-----w- c:\program files\NewSoft
2009-06-10 17:10 . 2009-06-10 17:10 -------- d-----w- c:\documents and settings\Rocio\Application Data\ScanSoft
2009-06-10 17:10 . 2007-08-09 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-06-10 17:10 . 2009-06-10 17:10 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-06-10 17:09 . 2009-06-10 17:09 -------- d-----w- c:\program files\ScanSoft
2009-06-10 17:06 . 2009-06-10 17:06 -------- d-----w- c:\program files\ArcSoft
2009-06-10 17:05 . 2007-08-09 14:27 -------- d-----w- c:\program files\Canon
2009-06-10 16:45 . 2008-03-04 20:43 -------- d-----w- c:\documents and settings\Rocio\Application Data\NewSoft
2009-06-10 16:36 . 2009-06-10 16:09 -------- d-----w- c:\program files\Windows Live
2009-06-10 16:24 . 2007-08-10 13:32 685400 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 16:12 . 2009-06-10 16:10 -------- d-----w- c:\program files\Microsoft
2009-06-10 16:12 . 2009-06-10 16:12 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-06-10 16:10 . 2009-06-10 16:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-10 16:04 . 2009-06-10 16:04 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-10 14:49 . 2008-03-31 19:14 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files
2009-06-03 19:09 . 2004-08-10 16:51 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-14 19:49 . 2009-05-14 19:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 19:49 . 2009-05-14 19:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 19:49 . 2009-05-14 19:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 19:47 . 2009-05-14 19:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 19:41 . 2009-05-14 19:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-07 15:32 . 2004-08-10 16:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-01-02 19:54 . 2009-01-02 19:54 21747397 ----a-w- c:\program files\sw65demo.exe
2009-07-30 11:26 . 2009-08-04 18:13 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

Re: windows antivirus pro & home antivirus 2010 REMOVAL

This is the second part of the report:

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-05-02 198704]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-11 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mailstation Assistant"="c:\program files\Pitney Bowes\mailstation 2\mailstationAssistant minimize" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-08-04 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"PDUiP6700DMon"="c:\program files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe" [2006-03-16 61440]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"CnwiDeviceAgent"="c:\program files\Canon\GAROStatusMonitor\cnwida.exe" [2006-07-27 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"PrintPack dispatcher"="c:\program files\Software602\Print2PDF\PrnPack.exe" [2007-11-23 73728]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-22 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GARO Status Monitor.lnk - c:\program files\Canon\GAROStatusMonitor\cnwism.exe [2007-8-10 348160]
Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2005-2-2 708608]
OKI LPR Utility.lnk - c:\program files\Okidata\OKI LPR Utility\okilpr.exe [2009-2-12 151552]
ProfileReminder.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2005-2-2 954368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-11-27 20:13 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Canon\\imagePROGRAF Device Setup Utility\\cnwids.exe"=
"c:\\Program Files\\Canon\\GAROStatusMonitor\\cnwism.exe"=
"c:\\Program Files\\Canon\\GAROStatusMonitor\\cnwida.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3 DEMO\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3 DEMO\\support\\bin\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
""=
"8085:TCP"= 8085:TCP:drv

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 OnyxUpdaterService;Onyx Updater;c:\onyx\AutoUpdate\OnxUpdtService.exe [8/24/2007 11:18 AM 33280]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [4/11/2008 8:37 AM 14416]
S1 is-HVF13drv;is-HVF13drv;c:\windows\system32\DRIVERS\90736237.sys --> c:\windows\system32\DRIVERS\90736237.sys [?]
S1 is-N9611drv;is-N9611drv;c:\windows\system32\DRIVERS\92592820.sys --> c:\windows\system32\DRIVERS\92592820.sys [?]
S1 is-UC7V3drv;is-UC7V3drv;c:\windows\system32\DRIVERS\30970194.sys --> c:\windows\system32\DRIVERS\30970194.sys [?]
S2 OcHealthMon;Windows Live OneCare Health Monitor;"c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe" --> c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [?]
S3 DM150Drv;DM150Drv;c:\windows\system32\drivers\DM150Drv.sys [11/7/2008 12:36 PM 20600]
S3 EyeOneDp;EyeOneDp;c:\windows\system32\drivers\EyeOneDp.sys [2/17/2003 4:24 PM 44344]
S3 FLDNRUYYPGBPE;FLDNRUYYPGBPE;c:\docume~1\Rocio\LOCALS~1\Temp\FLDNRUYYPGBPE.exe --> c:\docume~1\Rocio\LOCALS~1\Temp\FLDNRUYYPGBPE.exe [?]
S3 i1;eye-one;c:\windows\system32\drivers\i1.sys [1/16/2003 2:46 PM 26045]
S3 KLWCEKNLF;KLWCEKNLF;c:\docume~1\Rocio\LOCALS~1\Temp\KLWCEKNLF.exe --> c:\docume~1\Rocio\LOCALS~1\Temp\KLWCEKNLF.exe [?]
S3 KN;KN;c:\docume~1\Rocio\LOCALS~1\Temp\KN.exe --> c:\docume~1\Rocio\LOCALS~1\Temp\KN.exe [?]
S3 yeddef;YEDDEF driver;c:\windows\system32\Drivers\yeddef.sys --> c:\windows\system32\Drivers\yeddef.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rvprkney

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-OneCareUI - c:\program files\Microsoft Windows OneCare Live\winssnotify.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: {{5B7027AD-AA6D-40df-8F56-9560F277D2A5} - {E4ABF418-CB30-470C-BFF7-674AC0FC564F} - c:\program files\Software602\Print2PDF\Print602.dll
Trusted Zone: yahoo.com\www
DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} - hxxp://program.webhard.co.kr/Plus/active_upload2/DacomUpload.cab
FF - ProfilePath - c:\documents and settings\Rocio\Application Data\Mozilla\Firefox\Profiles\9pzenvw1.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 16:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(3224)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\spool\drivers\w32x86\3\OPHALDCS.EXE
c:\windows\system32\hasplms.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Pitney Bowes\mailstation 2\mailstationAssistant.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-08-04 16:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-04 20:13

Pre-Run: 163,002,667,008 bytes free
Post-Run: 163,818,901,504 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

381 --- E O F --- 2009-07-31 21:22

Re: windows antivirus pro & home antivirus 2010 REMOVAL

I have run Malwarebytes AntiMalware, and it detected 15 viruses and got rid of them. I guess this is over, and my computer is working fine, except for Internet Explorer.

Re: windows antivirus pro & home antivirus 2010 REMOVAL

Now open a new notepad file.
Input this into the notepad file:

File::
c:\documents and settings\Rocio\Local Settings\Application Data\qijur.bin
c:\windows\system32\akeveloh.bin
c:\windows\nuperyvy.dll
c:\windows\cacegyna.dll
c:\documents and settings\All Users\Application Data\vytyx.bat
c:\windows\system32\azymydo.reg
c:\windows\zawe.dll
c:\windows\system32\jecu.bat
c:\documents and settings\All Users\Application Data\nejyfazado.scr
c:\windows\system32\zudi.vbs
c:\windows\rufofukuhi.dll
c:\windows\system32\punece.scr
c:\windows\cydule.sys
c:\program files\Common Files\sorylawa.dll
c:\windows\system32\sudypy.bat
c:\windows\ywodi.pif
c:\windows\syguki.pif
c:\windows\jiqowomyki.com
c:\documents and settings\Rocio\Application Data\bimynano.com
c:\windows\gynupasiq.sys
c:\windows\ecenuqaje.vbs
c:\windows\xironyg.dat
c:\windows\system32\desot.exe
c:\windows\ppp4.dat
c:\windows\ppp3.dat
c:\windows\system32\dddesot.dll
c:\windows\system32\sysnet.dat
c:\windows\svchast.exe
C:\abgcty.exe
C:\jeooxqma.exe
C:\cpakfja.exe
C:\njeoahhq.exe
c:\program files\Common Files\sogety.inf
c:\program files\sw65demo.exe

Folder::
c:\program files\drv
c:\documents and settings\Rocio\Application Data\rfeshmqh
c:\documents and settings\NetworkService\Application Data\rfeshmqh

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"=-

Driver::
is-HVF13drv
is-N9611drv
is-UC7V3drv
FLDNRUYYPGBPE
KLWCEKNLF
KN
yeddef

NetSvcs::
rvprkney


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[image]

This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

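Most of the files named in the CFScript above sit in the earlier "Files Created" listing as bursts: several small files with unrelated extensions, written in the same minute across different directories. As an added example (not part of the original posts, and not how ComboFix or the helper selects files), this Python script parses that listing format and groups such bursts for review; the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath
from typing import NamedTuple, Optional

# Lines excerpted from the "Files Created" / "Find3M" listings posted in this thread.
SAMPLE = r"""
2009-08-04 15:14 . 2009-08-04 16:54 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-08-03 12:41 . 2009-08-03 12:41 18880 ----a-w- c:\documents and settings\All Users\Application Data\rotimaje.pif
2009-08-03 12:41 . 2009-08-03 12:41 10323 ----a-w- c:\windows\nuperyvy.dll
2009-08-03 12:41 . 2009-08-03 12:41 11595 ----a-w- c:\documents and settings\All Users\Application Data\vytyx.bat
2009-08-03 12:41 . 2009-08-03 12:41 11461 ----a-w- c:\windows\system32\azymydo.reg
2009-08-02 12:58 . 2009-08-02 12:58 18365 ----a-w- c:\program files\Common Files\zeba.sys
2009-08-02 12:58 . 2009-08-02 12:58 16036 ----a-w- c:\windows\system32\zudi.vbs
2009-08-02 12:58 . 2009-08-02 12:58 11399 ----a-w- c:\windows\system32\punece.scr
2009-07-22 12:55 . 2009-07-22 12:55 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-14 19:49 . 2009-05-14 19:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 19:49 . 2009-05-14 19:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 19:49 . 2009-05-14 19:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
"""

# created . modified  size-or-dashes  attribute-string  path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(\d+|-{8})\s+([-a-z]{8})\s+(.+)$"
)


class Entry(NamedTuple):
    created: str
    modified: str
    size: Optional[int]   # None for directories (the log prints dashes)
    attrs: str
    path: str


def parse_listing(text: str) -> list:
    """Parse listing lines into Entry records; lines in any other shape are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(
            Entry(created, modified, None if size.startswith("-") else int(size), attrs, path)
        )
    return entries


def find_bursts(entries, min_files: int = 3, max_size: int = 32 * 1024) -> dict:
    """Group small, never-modified files by creation minute.

    A group is reported only if it has at least `min_files` members spread over
    two or more directories and two or more extensions (assumed thresholds).
    """
    groups = defaultdict(list)
    for e in entries:
        if e.attrs.startswith("d") or e.size is None:
            continue                      # directories carry no size
        if e.created != e.modified or e.size > max_size:
            continue                      # touched later, or too large for this pattern
        groups[e.created].append(e)

    bursts = {}
    for minute, members in groups.items():
        paths = [PureWindowsPath(e.path) for e in members]
        extensions = {p.suffix.lower() for p in paths}
        directories = {str(p.parent).lower() for p in paths}
        if len(members) >= min_files and len(extensions) >= 2 and len(directories) >= 2:
            bursts[minute] = [e.path for e in members]
    return bursts


if __name__ == "__main__":
    for minute, paths in sorted(find_bursts(parse_listing(SAMPLE)).items()):
        print(minute)
        for p in paths:
            print("   ", p)
```

The result is a list to review, not a deletion list: installers and updaters also write many files in one minute. In this thread, the 2009-08-03 12:41 and 2009-08-02 12:58 groups also contain rotimaje.pif and zeba.sys, which were not in the CFScript and still appear in the later log.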

Re: windows antivirus pro & home antivirus 2010 REMOVAL

Again, the report is too big and I need to send it in two parts:

ComboFix 09-08-04.04 - Rocio 08/06/2009 9:45.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2314 [GMT -4:00]
Running from: c:\documents and settings\Rocio\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Rocio\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
* Created a new restore point

FILE ::
"C:\abgcty.exe"
"C:\cpakfja.exe"
"c:\documents and settings\All Users\Application Data\nejyfazado.scr"
"c:\documents and settings\All Users\Application Data\vytyx.bat"
"c:\documents and settings\Rocio\Application Data\bimynano.com"
"c:\documents and settings\Rocio\Local Settings\Application Data\qijur.bin"
"C:\jeooxqma.exe"
"C:\njeoahhq.exe"
"c:\program files\Common Files\sogety.inf"
"c:\program files\Common Files\sorylawa.dll"
"c:\program files\sw65demo.exe"
"c:\windows\cacegyna.dll"
"c:\windows\cydule.sys"
"c:\windows\ecenuqaje.vbs"
"c:\windows\gynupasiq.sys"
"c:\windows\jiqowomyki.com"
"c:\windows\nuperyvy.dll"
"c:\windows\ppp3.dat"
"c:\windows\ppp4.dat"
"c:\windows\rufofukuhi.dll"
"c:\windows\svchast.exe"
"c:\windows\syguki.pif"
"c:\windows\system32\akeveloh.bin"
"c:\windows\system32\azymydo.reg"
"c:\windows\system32\dddesot.dll"
"c:\windows\system32\desot.exe"
"c:\windows\system32\jecu.bat"
"c:\windows\system32\punece.scr"
"c:\windows\system32\sudypy.bat"
"c:\windows\system32\sysnet.dat"
"c:\windows\system32\zudi.vbs"
"c:\windows\xironyg.dat"
"c:\windows\ywodi.pif"
"c:\windows\zawe.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\nejyfazado.scr
c:\documents and settings\All Users\Application Data\vytyx.bat
c:\documents and settings\NetworkService\Application Data\rfeshmqh
c:\documents and settings\NetworkService\Application Data\rfeshmqh\profiles.ini
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\cert8.db
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\compatibility.ini
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\compreg.dat
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\cookies.sqlite
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\formhistory.sqlite
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\key3.db
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\localstore.rdf
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\permissions.sqlite
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\places.sqlite-journal
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\places.sqlite
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\pluginreg.dat
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\prefs.js
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\secmod.db
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\webappsstore.sqlite
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\xpti.dat
c:\documents and settings\Rocio\Application Data\bimynano.com
c:\documents and settings\Rocio\Application Data\rfeshmqh
c:\documents and settings\Rocio\Application Data\rfeshmqh\profiles.ini
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\cert8.db
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\compatibility.ini
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\compreg.dat
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\cookies.sqlite
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\formhistory.sqlite
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\key3.db
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\localstore.rdf
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\permissions.sqlite
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\places.sqlite
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\pluginreg.dat
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\prefs.js
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\secmod.db
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\webappsstore.sqlite
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\xpti.dat
c:\documents and settings\Rocio\Local Settings\Application Data\qijur.bin
c:\program files\Common Files\sogety.inf
c:\program files\Common Files\sorylawa.dll
c:\program files\drv
c:\program files\sw65demo.exe
c:\windows\cacegyna.dll
c:\windows\cydule.sys
c:\windows\ecenuqaje.vbs
c:\windows\gynupasiq.sys
c:\windows\jiqowomyki.com
c:\windows\nuperyvy.dll
c:\windows\rufofukuhi.dll
c:\windows\syguki.pif
c:\windows\system32\akeveloh.bin
c:\windows\system32\azymydo.reg
c:\windows\system32\jecu.bat
c:\windows\system32\punece.scr
c:\windows\system32\sudypy.bat
c:\windows\system32\zudi.vbs
c:\windows\xironyg.dat
c:\windows\ywodi.pif
c:\windows\zawe.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FLDNRUYYPGBPE
-------\Legacy_IS-HVF13DRV
-------\Legacy_IS-N9611DRV
-------\Legacy_IS-UC7V3DRV
-------\Legacy_KLWCEKNLF
-------\Legacy_KN
-------\Service_FLDNRUYYPGBPE
-------\Service_is-HVF13drv
-------\Service_is-N9611drv
-------\Service_is-UC7V3drv
-------\Service_KLWCEKNLF
-------\Service_KN
-------\Service_yeddef


((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-04 20:48 . 2009-08-04 20:48 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-04 20:47 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-04 20:47 . 2009-08-04 20:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-04 20:47 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-04 20:06 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-04 16:03 . 2009-08-04 16:06 626720 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-04 15:14 . 2009-08-04 16:54 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-08-04 14:23 . 2009-08-04 14:23 -------- d-----w- c:\documents and settings\Rocio\Local Settings\Application Data\Mozilla
2009-08-04 14:22 . 2009-08-04 16:54 -------- d-----w- c:\program files\Mozilla Firefox(2)
2009-08-03 14:44 . 2009-08-03 14:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-08-03 14:44 . 2009-08-03 14:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2009-08-03 14:04 . 2007-08-04 04:34 35720 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-03 14:04 . 2007-08-04 04:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\GTek
2009-08-03 14:04 . 2009-08-03 14:43 -------- d-----w- c:\documents and settings\Administrator
2009-08-03 13:29 . 2009-08-03 14:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-03 12:41 . 2009-08-03 12:41 18880 ----a-w- c:\documents and settings\All Users\Application Data\rotimaje.pif
2009-08-03 12:41 . 2009-08-03 12:41 16418 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\lyvohac.reg
2009-08-02 12:58 . 2009-08-02 12:58 18365 ----a-w- c:\program files\Common Files\zeba.sys
2009-08-02 12:58 . 2009-08-02 12:58 13068 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\pogosinoc.bat
2009-08-01 15:54 . 2009-08-01 15:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-08-01 15:27 . 2009-08-01 15:27 -------- d-----w- c:\documents and settings\Rocio\Local Settings\Application Data\ESET
2009-08-01 14:51 . 2009-08-01 14:51 -------- d-----w- c:\documents and settings\Rocio\Application Data\ESET
2009-08-01 14:50 . 2009-08-01 14:50 -------- d-----w- c:\program files\ESET
2009-08-01 14:50 . 2009-08-01 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-22 12:55 . 2009-07-22 12:55 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 12:51 . 2009-07-22 12:51 152576 ----a-w- c:\documents and settings\Rocio\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 13:56 . 2008-08-31 14:29 -------- d-----w- c:\documents and settings\Rocio\Application Data\Skype
2009-08-06 13:56 . 2008-08-31 14:32 -------- d-----w- c:\documents and settings\Rocio\Application Data\skypePM
2009-08-04 20:06 . 2004-08-10 16:51 407040 ----a-w- c:\windows\system32\netlogon.dll
2009-08-04 16:06 . 2009-08-04 16:03 8420 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-04 15:18 . 2009-04-16 12:47 -------- d-----w- c:\program files\AhnLab
2009-08-03 14:43 . 2009-06-10 16:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-03 12:45 . 2009-07-06 15:42 -------- d-----w- c:\program files\Trend Micro
2009-08-03 12:41 . 2009-08-03 12:41 19723 ----a-w- c:\documents and settings\Rocio\Application Data\ytenuj.dat
2009-07-22 12:55 . 2007-08-04 04:18 -------- d-----w- c:\program files\Java
2009-07-07 13:50 . 2007-08-04 04:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-07 13:33 . 2008-04-11 14:13 -------- d-----w- c:\program files\Norton 360
2009-07-07 13:32 . 2008-04-11 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-03 17:09 . 2004-08-10 16:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 13:06 . 2007-08-09 14:11 685400 ----a-w- c:\documents and settings\Louis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 19:56 . 2009-07-01 19:56 -------- d-----w- c:\documents and settings\Rocio\Application Data\Malwarebytes
2009-07-01 19:56 . 2009-07-01 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-30 14:36 . 2009-05-26 13:05 -------- d-----w- c:\documents and settings\Rocio\Application Data\BitZipper
2009-06-18 15:05 . 2009-06-18 15:05 -------- d-----w- c:\program files\Art Explosion
2009-06-18 15:05 . 2007-08-04 04:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-18 12:15 . 2007-10-09 14:13 964 ----a-w- c:\documents and settings\Rocio\Application Data\wklnhst.dat
2009-06-16 14:36 . 2004-08-10 16:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 16:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-10 21:20 . 2007-08-04 04:31 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 17:56 . 2008-01-14 17:59 -------- d-----w- c:\program files\Full Tilt Poker
2009-06-10 17:11 . 2007-08-09 15:23 -------- d-----w- c:\program files\Common Files\PDFView
2009-06-10 17:11 . 2009-06-10 17:11 -------- d-----w- c:\program files\NewSoft
2009-06-10 17:10 . 2009-06-10 17:10 -------- d-----w- c:\documents and settings\Rocio\Application Data\ScanSoft
2009-06-10 17:10 . 2007-08-09 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-06-10 17:10 . 2009-06-10 17:10 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-06-10 17:09 . 2009-06-10 17:09 -------- d-----w- c:\program files\ScanSoft
2009-06-10 17:06 . 2009-06-10 17:06 -------- d-----w- c:\program files\ArcSoft
2009-06-10 17:05 . 2007-08-09 14:27 -------- d-----w- c:\program files\Canon
2009-06-10 16:45 . 2008-03-04 20:43 -------- d-----w- c:\documents and settings\Rocio\Application Data\NewSoft
2009-06-10 16:36 . 2009-06-10 16:09 -------- d-----w- c:\program files\Windows Live
2009-06-10 16:24 . 2007-08-10 13:32 685400 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 16:12 . 2009-06-10 16:10 -------- d-----w- c:\program files\Microsoft
2009-06-10 16:12 . 2009-06-10 16:12 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-06-10 16:10 . 2009-06-10 16:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-10 16:04 . 2009-06-10 16:04 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-10 14:49 . 2008-03-31 19:14 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files
2009-06-03 19:09 . 2004-08-10 16:51 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-14 19:49 . 2009-05-14 19:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 19:49 . 2009-05-14 19:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 19:49 . 2009-05-14 19:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 19:47 . 2009-05-14 19:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 19:41 . 2009-05-14 19:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys

Re: windows antivirus pro & home antivirus 2010 REMOVAL

and the second part is:

((((((((((((((((((((((((((((( SnapShot@2009-08-04_20.09.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 13:52 . 2009-08-06 13:52 16384 c:\windows\Temp\Perflib_Perfdata_35c.dat
+ 2009-08-05 17:46 . 2009-08-05 17:46 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-05-02 198704]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-11 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mailstation Assistant"="c:\program files\Pitney Bowes\mailstation 2\mailstationAssistant minimize" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-08-04 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"PDUiP6700DMon"="c:\program files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe" [2006-03-16 61440]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"CnwiDeviceAgent"="c:\program files\Canon\GAROStatusMonitor\cnwida.exe" [2006-07-27 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"PrintPack dispatcher"="c:\program files\Software602\Print2PDF\PrnPack.exe" [2007-11-23 73728]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-22 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GARO Status Monitor.lnk - c:\program files\Canon\GAROStatusMonitor\cnwism.exe [2007-8-10 348160]
Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2005-2-2 708608]
OKI LPR Utility.lnk - c:\program files\Okidata\OKI LPR Utility\okilpr.exe [2009-2-12 151552]
ProfileReminder.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2005-2-2 954368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-11-27 20:13 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Canon\\imagePROGRAF Device Setup Utility\\cnwids.exe"=
"c:\\Program Files\\Canon\\GAROStatusMonitor\\cnwism.exe"=
"c:\\Program Files\\Canon\\GAROStatusMonitor\\cnwida.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3 DEMO\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3 DEMO\\support\\bin\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
""=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 OnyxUpdaterService;Onyx Updater;c:\onyx\AutoUpdate\OnxUpdtService.exe [8/24/2007 11:18 AM 33280]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [4/11/2008 8:37 AM 14416]
S2 OcHealthMon;Windows Live OneCare Health Monitor;"c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe" --> c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [?]
S3 DM150Drv;DM150Drv;c:\windows\system32\drivers\DM150Drv.sys [11/7/2008 12:36 PM 20600]
S3 EyeOneDp;EyeOneDp;c:\windows\system32\drivers\EyeOneDp.sys [2/17/2003 4:24 PM 44344]
S3 i1;eye-one;c:\windows\system32\drivers\i1.sys [1/16/2003 2:46 PM 26045]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rvprkney

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: {{5B7027AD-AA6D-40df-8F56-9560F277D2A5} - {E4ABF418-CB30-470C-BFF7-674AC0FC564F} - c:\program files\Software602\Print2PDF\Print602.dll
Trusted Zone: yahoo.com\www
DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} - hxxp://program.webhard.co.kr/Plus/active_upload2/DacomUpload.cab
FF - ProfilePath - c:\documents and settings\Rocio\Application Data\Mozilla\Firefox\Profiles\9pzenvw1.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 09:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(204)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\spool\drivers\w32x86\3\OPHALDCS.EXE
c:\windows\system32\hasplms.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Pitney Bowes\mailstation 2\mailstationAssistant.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-08-06 10:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-06 14:00
ComboFix2.txt 2009-08-04 20:13

Pre-Run: 163,780,640,768 bytes free
Post-Run: 163,705,524,224 bytes free

382 --- E O F --- 2009-07-31 21:22

Re: windows antivirus pro & home antivirus 2010 REMOVAL

Should I keep all these reports on my computer, or can I delete them?

Re: windows antivirus pro & home antivirus 2010 REMOVAL

Hello.
Just one more script, then that should do it.

Now open a new notepad file.
Input this into the notepad file:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
""=-

NetSvc::
rvprkney


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[image]

This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: windows antivirus pro & home antivirus 2010 REMOVAL

Like before, I will send the report in two parts; here is the first:

ComboFix 09-08-04.04 - Rocio 08/06/2009 14:53.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2339 [GMT -4:00]
Running from: c:\documents and settings\Rocio\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Rocio\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
.

((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-04 20:48 . 2009-08-04 20:48 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-04 20:47 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-04 20:47 . 2009-08-04 20:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-04 20:47 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-04 20:06 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-04 16:03 . 2009-08-04 16:06 626720 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-04 15:14 . 2009-08-04 16:54 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-08-04 14:23 . 2009-08-04 14:23 -------- d-----w- c:\documents and settings\Rocio\Local Settings\Application Data\Mozilla
2009-08-04 14:22 . 2009-08-04 16:54 -------- d-----w- c:\program files\Mozilla Firefox(2)
2009-08-03 14:44 . 2009-08-03 14:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-08-03 14:44 . 2009-08-03 14:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2009-08-03 14:04 . 2007-08-04 04:34 35720 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-03 14:04 . 2007-08-04 04:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\GTek
2009-08-03 14:04 . 2009-08-03 14:43 -------- d-----w- c:\documents and settings\Administrator
2009-08-03 13:29 . 2009-08-03 14:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-03 12:41 . 2009-08-03 12:41 18880 ----a-w- c:\documents and settings\All Users\Application Data\rotimaje.pif
2009-08-03 12:41 . 2009-08-03 12:41 16418 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\lyvohac.reg
2009-08-02 12:58 . 2009-08-02 12:58 18365 ----a-w- c:\program files\Common Files\zeba.sys
2009-08-02 12:58 . 2009-08-02 12:58 13068 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\pogosinoc.bat
2009-08-01 15:54 . 2009-08-01 15:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-08-01 15:27 . 2009-08-01 15:27 -------- d-----w- c:\documents and settings\Rocio\Local Settings\Application Data\ESET
2009-08-01 14:51 . 2009-08-01 14:51 -------- d-----w- c:\documents and settings\Rocio\Application Data\ESET
2009-08-01 14:50 . 2009-08-01 14:50 -------- d-----w- c:\program files\ESET
2009-08-01 14:50 . 2009-08-01 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-22 12:55 . 2009-07-22 12:55 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 12:51 . 2009-07-22 12:51 152576 ----a-w- c:\documents and settings\Rocio\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 18:56 . 2008-08-31 14:29 -------- d-----w- c:\documents and settings\Rocio\Application Data\Skype
2009-08-06 13:56 . 2008-08-31 14:32 -------- d-----w- c:\documents and settings\Rocio\Application Data\skypePM
2009-08-04 20:06 . 2004-08-10 16:51 407040 ----a-w- c:\windows\system32\netlogon.dll
2009-08-04 16:06 . 2009-08-04 16:03 8420 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-04 15:18 . 2009-04-16 12:47 -------- d-----w- c:\program files\AhnLab
2009-08-03 14:43 . 2009-06-10 16:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-03 12:45 . 2009-07-06 15:42 -------- d-----w- c:\program files\Trend Micro
2009-08-03 12:41 . 2009-08-03 12:41 19723 ----a-w- c:\documents and settings\Rocio\Application Data\ytenuj.dat
2009-07-22 12:55 . 2007-08-04 04:18 -------- d-----w- c:\program files\Java
2009-07-07 13:50 . 2007-08-04 04:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-07 13:33 . 2008-04-11 14:13 -------- d-----w- c:\program files\Norton 360
2009-07-07 13:32 . 2008-04-11 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-03 17:09 . 2004-08-10 16:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 13:06 . 2007-08-09 14:11 685400 ----a-w- c:\documents and settings\Louis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 19:56 . 2009-07-01 19:56 -------- d-----w- c:\documents and settings\Rocio\Application Data\Malwarebytes
2009-07-01 19:56 . 2009-07-01 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-30 14:36 . 2009-05-26 13:05 -------- d-----w- c:\documents and settings\Rocio\Application Data\BitZipper
2009-06-18 15:05 . 2009-06-18 15:05 -------- d-----w- c:\program files\Art Explosion
2009-06-18 15:05 . 2007-08-04 04:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-18 12:15 . 2007-10-09 14:13 964 ----a-w- c:\documents and settings\Rocio\Application Data\wklnhst.dat
2009-06-16 14:36 . 2004-08-10 16:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 16:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-10 21:20 . 2007-08-04 04:31 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 17:56 . 2008-01-14 17:59 -------- d-----w- c:\program files\Full Tilt Poker
2009-06-10 17:11 . 2007-08-09 15:23 -------- d-----w- c:\program files\Common Files\PDFView
2009-06-10 17:11 . 2009-06-10 17:11 -------- d-----w- c:\program files\NewSoft
2009-06-10 17:10 . 2009-06-10 17:10 -------- d-----w- c:\documents and settings\Rocio\Application Data\ScanSoft
2009-06-10 17:10 . 2007-08-09 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-06-10 17:10 . 2009-06-10 17:10 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-06-10 17:09 . 2009-06-10 17:09 -------- d-----w- c:\program files\ScanSoft
2009-06-10 17:06 . 2009-06-10 17:06 -------- d-----w- c:\program files\ArcSoft
2009-06-10 17:05 . 2007-08-09 14:27 -------- d-----w- c:\program files\Canon
2009-06-10 16:45 . 2008-03-04 20:43 -------- d-----w- c:\documents and settings\Rocio\Application Data\NewSoft
2009-06-10 16:36 . 2009-06-10 16:09 -------- d-----w- c:\program files\Windows Live
2009-06-10 16:24 . 2007-08-10 13:32 685400 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 16:12 . 2009-06-10 16:10 -------- d-----w- c:\program files\Microsoft
2009-06-10 16:12 . 2009-06-10 16:12 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-06-10 16:10 . 2009-06-10 16:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-10 16:04 . 2009-06-10 16:04 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-10 14:49 . 2008-03-31 19:14 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files
2009-06-03 19:09 . 2004-08-10 16:51 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-14 19:49 . 2009-05-14 19:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 19:49 . 2009-05-14 19:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 19:49 . 2009-05-14 19:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 19:47 . 2009-05-14 19:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 19:41 . 2009-05-14 19:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-08-04_20.09.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 13:52 . 2009-08-06 13:52 16384 c:\windows\Temp\Perflib_Perfdata_35c.dat
+ 2009-08-05 17:46 . 2009-08-05 17:46 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-05-02 198704]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-11 21741864]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-12 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mailstation Assistant"="c:\program files\Pitney Bowes\mailstation 2\mailstationAssistant minimize" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-08-04 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"PDUiP6700DMon"="c:\program files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe" [2006-03-16 61440]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"CnwiDeviceAgent"="c:\program files\Canon\GAROStatusMonitor\cnwida.exe" [2006-07-27 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"PrintPack dispatcher"="c:\program files\Software602\Print2PDF\PrnPack.exe" [2007-11-23 73728]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-22 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GARO Status Monitor.lnk - c:\program files\Canon\GAROStatusMonitor\cnwism.exe [2007-8-10 348160]
Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2005-2-2 708608]
OKI LPR Utility.lnk - c:\program files\Okidata\OKI LPR Utility\okilpr.exe [2009-2-12 151552]
ProfileReminder.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2005-2-2 954368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-11-27 20:13 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Canon\\imagePROGRAF Device Setup Utility\\cnwids.exe"=
"c:\\Program Files\\Canon\\GAROStatusMonitor\\cnwism.exe"=
"c:\\Program Files\\Canon\\GAROStatusMonitor\\cnwida.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3 DEMO\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3 DEMO\\support\\bin\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 OnyxUpdaterService;Onyx Updater;c:\onyx\AutoUpdate\OnxUpdtService.exe [8/24/2007 11:18 AM 33280]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [4/11/2008 8:37 AM 14416]
S2 OcHealthMon;Windows Live OneCare Health Monitor;"c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe" --> c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [?]
S3 DM150Drv;DM150Drv;c:\windows\system32\drivers\DM150Drv.sys [11/7/2008 12:36 PM 20600]
S3 EyeOneDp;EyeOneDp;c:\windows\system32\drivers\EyeOneDp.sys [2/17/2003 4:24 PM 44344]
S3 i1;eye-one;c:\windows\system32\drivers\i1.sys [1/16/2003 2:46 PM 26045]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.

Re: windows antivirus pro & home antivirus 2010 REMOVAL
and the second part is:

------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: {{5B7027AD-AA6D-40df-8F56-9560F277D2A5} - {E4ABF418-CB30-470C-BFF7-674AC0FC564F} - c:\program files\Software602\Print2PDF\Print602.dll
Trusted Zone: yahoo.com\www
DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} - hxxp://program.webhard.co.kr/Plus/active_upload2/DacomUpload.cab
FF - ProfilePath - c:\documents and settings\Rocio\Application Data\Mozilla\Firefox\Profiles\9pzenvw1.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 14:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(584)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-08-06 14:58
ComboFix-quarantined-files.txt 2009-08-06 18:58
ComboFix2.txt 2009-08-06 14:00
ComboFix3.txt 2009-08-04 20:13

Pre-Run: 163,798,278,144 bytes free
Post-Run: 163,774,775,296 bytes free

255 --- E O F --- 2009-07-31 21:22

Re: windows antivirus pro & home antivirus 2010 REMOVAL
Hello.
Last few files to get rid of.

Please download the OTMoveIt by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\documents and settings\All Users\Application Data\rotimaje.pif
    c:\documents and settings\Rocio\Local Settings\Application Data\lyvohac.reg
    c:\program files\Common Files\zeba.sys
    c:\documents and settings\Rocio\Local Settings\Application Data\pogosinoc.bat
    c:\documents and settings\Rocio\Application Data\ytenuj.dat


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: windows antivirus pro & home antivirus 2010 REMOVAL
========== FILES ==========
c:\documents and settings\All Users\Application Data\rotimaje.pif moved successfully.
c:\documents and settings\Rocio\Local Settings\Application Data\lyvohac.reg moved successfully.
c:\program files\Common Files\zeba.sys moved successfully.
c:\documents and settings\Rocio\Local Settings\Application Data\pogosinoc.bat moved successfully.
c:\documents and settings\Rocio\Application Data\ytenuj.dat moved successfully.

OTM by OldTimer - Version 3.0.0.5 log created on 08062009_160634

Re: windows antivirus pro & home antivirus 2010 REMOVAL

What about my Internet Explorer, will it work now or should I reinstall it?

Re: windows antivirus pro & home antivirus 2010 REMOVAL
Do the following:


Press Start > Run.
Type in cmd, then press enter.

At the DOS prompt execute the following commands, one by one.
Press the enter key after each entry.

regsvr32 urlmon.dll
regsvr32 Shdocvw.dll
regsvr32 Msjava.dll
regsvr32 Actxprxy.dll
regsvr32 Oleaut32.dll
regsvr32 Mshtml.dll
regsvr32 Browseui.dll
regsvr32 Shell32.dll

Type Exit and press enter to return to the operating mode.

Reboot normally.

Is Internet Explorer available now?


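The re-registration step above as one batch file, added here as an example and not part of the original post: it runs the same `regsvr32` list silently and reports, per DLL, which stage failed (file missing, module not loadable, no registration entry point). The exit-code meanings (1 to 5) are those commonly documented for regsvr32, and the `%SystemRoot%\system32` location is an assumption for a 32-bit Windows XP install like the one in the log.

```bat
@echo off
rem Added example (not from the thread): re-register the DLLs from the post
rem above without message boxes and explain each failure from the exit code.
setlocal enabledelayedexpansion

set "DLLS=urlmon.dll Shdocvw.dll Msjava.dll Actxprxy.dll Oleaut32.dll Mshtml.dll Browseui.dll Shell32.dll"
set /a FAILED=0

for %%D in (%DLLS%) do (
    if not exist "%SystemRoot%\system32\%%D" (
        rem Assumption: the DLLs live in system32. A missing file is not an error
        rem to retry, the component is simply not installed on this machine.
        echo [SKIP] %%D is not present in %SystemRoot%\system32
    ) else (
        rem /s suppresses the dialogs; start /wait makes ERRORLEVEL carry the result.
        start "" /wait regsvr32 /s "%SystemRoot%\system32\%%D"
        set "RC=!ERRORLEVEL!"
        if "!RC!"=="0" (
            echo [ OK ] %%D registered
        ) else (
            set /a FAILED+=1
            call :explain %%D !RC!
        )
    )
)

echo.
echo %FAILED% DLL(s) failed to register.
endlocal & exit /b %FAILED%

:explain
rem %1 = DLL name, %2 = regsvr32 exit code
set "WHY=unknown error"
if "%2"=="1" set "WHY=invalid command-line argument"
if "%2"=="2" set "WHY=OLE initialisation failed"
if "%2"=="3" set "WHY=LoadLibrary failed, the module or a dependency could not be loaded"
if "%2"=="4" set "WHY=no DllRegisterServer entry point, the file is not self-registering"
if "%2"=="5" set "WHY=DllRegisterServer ran but returned an error"
echo [FAIL] %1 exit code %2: %WHY%
exit /b 0
```

A `[SKIP]` line or exit code 4 means the DLL cannot be registered this way at all, so repeating the command will not change the result.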
Re: windows antivirus pro & home antivirus 2010 REMOVAL

I followed all your instructions, but the Msjava.dll failed (the message said: the specified module could not be found) and the Mshtml.dll (was located but the DLL registry server entry point was not found. This file cannot be registered) and I don't have internet yet.

Re: windows antivirus pro & home antivirus 2010 REMOVAL
Does Internet Explorer work, just no connection?


Re: windows antivirus pro & home antivirus 2010 REMOVAL

I am using Firefox now. Should I reinstall it? Or what else should I do now? And thanks for all your help.

Re: windows antivirus pro & home antivirus 2010 REMOVAL
Yes, try re-installing it.


Re: windows antivirus pro & home antivirus 2010 REMOVAL

Thank you very much for all your time and help, but I tried to uninstall the internet and I couldn't. Internet Explorer is not in Add or Remove Programs, I followed Windows support and it does not work. Should I use Mozilla, or can you help to repair Internet Explorer?

Re: windows antivirus pro & home antivirus 2010 REMOVAL

Use Mozilla, let's not mess about with Internet Explorer.


Re: windows antivirus pro & home antivirus 2010 REMOVAL

One last question, should I keep all the downloads like ComboFix, OTM, etc.?

Re: windows antivirus pro & home antivirus 2010 REMOVAL
No, delete them.
