GeekPolice
Do I have Personal Antivirus?

3 days ago the personalonlinescanner from Personal Antivirus showed up while my wife was online. I tried to exit but could not so I turned the computer off. When we restarted there was no sign of it. I downloaded Malwarebytes and ran a full scan and everything came up clean. There has been no sign of it the last 3 days and when I search for files with Personal Antivirus nothing comes up. Can I be sure I'm clean? Is there anything else I need to do to be sure?

Hello, Anybody?

Having had no indication in 5 days of Personal Antivirus on my computer, can I assume it has not infected my computer? For those who have had it, does it pop up and bother you all the time? Would the Malwarebytes scan I ran have picked it up, or could it have missed it?

Re: Do I have Personal Antivirus?


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.

Requested log for Personal Antivirus check

DDS (Ver_09-07-30.01) - NTFSx86
Run by Phillip at 5:54:47.07 on Thu 08/13/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.223.108 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Phillip\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://support.att.net/welcome_pby
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [ccRegVfy] c:\program files\common files\symantec shared\ccRegVfy.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [ISW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN
mRun: [S3TRAY2] S3tray2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\patttbc.att
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\phillip\applic~1\mozilla\firefox\profiles\nl13ekbi.default\
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/p/1.html
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2002-8-9 308936]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2009-7-11 116336]
R2 SAVRTPEL;SAVRTPEL;c:\windows\system32\drivers\SAVRTPEL.SYS [2009-7-11 34992]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20020819.002\NAVENG.SYS [2003-4-21 66816]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20020819.002\NAVEX15.SYS [2003-4-21 590944]
R3 SAVRT;SAVRT;c:\windows\system32\drivers\SAVRT.SYS [2009-7-11 235184]
S2 SBService;scriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2001-8-14 54408]
S3 ccPwdSvc;Symantec Password Validation Service;c:\program files\common files\symantec shared\ccPwdSvc.exe [2002-8-20 63176]

=============== Created Last 30 ================

2009-08-13 05:32 --d-h--- c:\windows\PIF
2009-08-11 15:45 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-11 15:42 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-11 15:42 655,872 -c------ c:\windows\system32\dllcache\mstscax.dll
2009-08-08 22:00 --d----- c:\docume~1\phillip\applic~1\Malwarebytes
2009-08-08 21:59 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-05 04:11 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
2009-07-21 01:52 499,712 a------- c:\windows\system32\msvcp71.dll
2009-07-21 01:52 348,160 a------- c:\windows\system32\msvcr71.dll
2009-07-15 07:24 48,640 a------- c:\windows\system32\hpzll4pi.dll
2009-07-15 07:23 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-07-15 07:23 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-07-15 07:23 282,680 a------- c:\windows\system32\HPZidr12.dll
2009-07-15 07:23 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-07-15 07:23 69,632 a------- c:\windows\system32\HPZipm12.exe
2009-07-15 07:23 65,536 a------- c:\windows\system32\HPZinw12.exe
2009-07-15 07:22 31,616 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-07-15 07:22 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2009-07-15 07:22 --d----- c:\program files\HP
2009-07-15 07:21 123,131 a------- c:\windows\HPHins12.dat
2009-07-15 07:21 14,916 -------- c:\windows\hphmdl12.dat
2009-07-15 07:20 77,824 a------- c:\windows\system32\hpzids01.dll
2009-07-15 07:12 56 a------- C:\ut9x.bat
2009-07-15 07:12 54 a------- C:\ut.bat

==================== Find3M ====================

2009-08-05 04:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 13:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 02:18 233,472 -------- c:\windows\system32\wmpdxm.dll
2009-07-11 05:42 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-29 11:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 11:12 78,336 -------- c:\windows\system32\ieencode.dll
2009-06-29 11:12 17,408 -------- c:\windows\system32\corpol.dll
2009-06-16 09:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-12 06:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 09:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 01:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-05 02:42 655,872 a------- c:\windows\system32\mstscax.dll
2009-06-03 14:27 1,290,752 a------- c:\windows\system32\quartz.dll
2003-04-21 09:53 32 a--sh--- c:\windows\{ACBD192C-B55B-4A66-8219-E55C4C8F00FD}.dat
2003-04-21 09:53 32 a--sh--- c:\windows\system32\{0947AF87-710F-482F-97EE-97B6BA59E74D}.dat

============= FINISH: 5:55:26.50 ===============
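
The helper above reads the "Created Last 30" and "Find3M" sections of the DDS log by eye to decide what needs moving. The script below is an added example for this thread (it is not part of DDS, OTMoveIt or the forum's tools) that parses entries in that format and applies a few plain review heuristics: a file sitting directly in a drive root, a script or shortcut extension, and hidden+system attributes. The meaning of the attribute letters (d = directory, h = hidden, s = system) is assumed from the entries in the log itself; the sample lines are copied from the log above, and a flag means "look at this", not "this is malware".

```python
"""
Triage helper for the "Created Last 30" / "Find3M" sections of a DDS log.
Added example for this thread; not DDS, OTMoveIt or forum code.
Attribute letters d/h/s are assumed (directory/hidden/system) from the
log entries themselves. Flags are review heuristics, not verdicts.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One DDS entry: date time [size] attrs path (size is absent for directories)
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?:(?P<size>[\d,]+) )?(?P<attrs>[A-Za-z-]{8}) (?P<path>.+)$"
)

# Extensions that a user rarely creates by hand in odd locations
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".scr", ".pif")

# Constructed sample: lines copied verbatim from the DDS log in this thread
SAMPLE_LOG = [
    r"2009-08-13 05:32 --d-h--- c:\windows\PIF",
    r"2009-08-11 15:45 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx",
    r"2009-08-08 22:00 --d----- c:\docume~1\phillip\applic~1\Malwarebytes",
    r"2009-07-15 07:12 56 a------- C:\ut9x.bat",
    r"2009-07-15 07:12 54 a------- C:\ut.bat",
    r"2003-04-21 09:53 32 a--sh--- c:\windows\{ACBD192C-B55B-4A66-8219-E55C4C8F00FD}.dat",
]


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]   # None for directories, which DDS lists without a size
    attrs: str            # 8-character attribute field, lower-cased
    path: str
    reasons: List[str] = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs  # assumed: 'd' marks a directory entry


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one DDS file/directory line; return None for non-matching lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = m.group("size")
    return Entry(
        m.group("date"),
        m.group("time"),
        int(size.replace(",", "")) if size else None,
        m.group("attrs").lower(),
        m.group("path"),
    )


def in_drive_root(path: str) -> bool:
    """True for paths like C:\\ut.bat, False for anything inside a folder."""
    return re.match(r"^[A-Za-z]:\\[^\\]+$", path) is not None


def triage(lines: List[str]) -> List[Entry]:
    """Parse every recognisable entry and attach review reasons to it."""
    entries = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue  # section headers, blank lines, etc.
        if not e.is_dir and in_drive_root(e.path):
            e.reasons.append("file directly in drive root")
        if e.path.lower().endswith(SCRIPT_EXTS):
            e.reasons.append("script/shortcut extension")
        if "s" in e.attrs and "h" in e.attrs:
            e.reasons.append("hidden+system attributes")
        entries.append(e)
    return entries


def flagged(lines: List[str]) -> List[Entry]:
    """Only the entries that picked up at least one review reason."""
    return [e for e in triage(lines) if e.reasons]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.date} {e.time}  {e.path}\n    -> {', '.join(e.reasons)}")
```

Run against the log in this thread it singles out the two root-level .bat files that the helper later asks to move, and the two tiny hidden+system .dat files, while leaving the dllcache copies (Windows File Protection's cache) and ordinary program folders alone. The point is to narrow what a human reads, not to replace the read.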

Re: Do I have Personal Antivirus?

Hello larjoranj,

Please use the Post Reply button instead of the New Topic button. Thank you.

Ooops.

My Bad

Re: Do I have Personal Antivirus?

Please download the OTMoveIt by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\ut9x.bat
    C:\ut.bat


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

OTMoveit log

========== FILES ==========
C:\ut9x.bat moved successfully.
C:\ut.bat moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 08142009_045135

Re: Do I have Personal Antivirus?

Hello.
The log looks good; I don't think Personal AV is present here.

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?

Re: Do I have Personal Antivirus?

It's running fine. Thanks.
