GeekPolice
Would you like to react to this message? Create an account in a few clicks or log in to continue.

GeekPoliceLog in

 


Antivirus System Pro virus help needed

3 posters

descriptionAntivirus System Pro virus help needed EmptyAntivirus System Pro virus help needed28th November 2009, 3:11 pm

more_horiz
I got hit with antivirus system pro on my computer. I'm thinking one of my little cousins did something on Thanksgiving tho I am not sure. It is not allowing me to run malwarebytes. I tried downloading hijackthis but it will not allow me to open it. What can I do? This thing is a terror.

descriptionAntivirus System Pro virus help needed EmptyRe: Antivirus System Pro virus help needed28th November 2009, 6:50 pm

more_horiz
Please download exeHelper from one of the two links.
Link 1
Link 2

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

descriptionAntivirus System Pro virus help needed EmptyRe: Antivirus System Pro virus help needed28th November 2009, 10:17 pm

more_horiz
Moderated Message: Hello, your comment has been removed. Please do not post in another member's topic. If you need help, please read this over and click here to open a new topic. -Doctor Inferno

descriptionAntivirus System Pro virus help needed EmptyRe: Antivirus System Pro virus help needed29th November 2009, 1:52 am

more_horiz
Looks like Doc made a mistake and removed the wrong post. LMBO or ROFL

Can you re-post whatever you posted before?

descriptionAntivirus System Pro virus help needed EmptyRe: Antivirus System Pro virus help needed29th November 2009, 2:35 am

more_horiz
I said the virus will not let me run the program.

descriptionAntivirus System Pro virus help needed EmptyRe: Antivirus System Pro virus help needed29th November 2009, 7:07 pm

more_horiz
Rename it from exeHelper to explorer and see if it runs then.

descriptionAntivirus System Pro virus help needed EmptyRe: Antivirus System Pro virus help needed30th November 2009, 1:47 am

more_horiz
That didnt work either. Also tried downloading combofix and renaming it to commy and running it from start run but I keep getting the same error message.

descriptionAntivirus System Pro virus help needed EmptyAntivirus System Pro solution30th November 2009, 1:52 am

more_horiz
I tried to reboot in safe mode, it wouldn't let me, however, in Vista 64-bit it created a "start' error, which allowed me to restore my computer at a point from the day before. That seems to have gotten rid of it. Maybe if you can reboot in safe mode and restore to that point prior to infection, it will work for you also. I had tried everything, it had taken over my taskmgr, etc. this is all that worked. I then downloaded Malwarebytes and swept my computer with it. It did not detect Antivirus system pro on computer any longer.

descriptionAntivirus System Pro virus help needed EmptyRe: Antivirus System Pro virus help needed30th November 2009, 8:34 pm

more_horiz
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    Antivirus System Pro virus help needed CF_download_FF

    Antivirus System Pro virus help needed CF_download_rename

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    Antivirus System Pro virus help needed Cf410

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    Antivirus System Pro virus help needed Cf510

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

descriptionAntivirus System Pro virus help needed EmptyRe: Antivirus System Pro virus help needed30th November 2009, 11:24 pm

more_horiz
ComboFix 09-11-30.02 - JC 11/30/2009 18:12.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1444 [GMT -5:00]
Running from: c:\documents and settings\JC\Desktop\Combo-Fix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JC\Local Settings\Application Data\tmskhh
c:\documents and settings\JC\Local Settings\Application Data\tmskhh\solmsysguard.exe
C:\LOG.TXT

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-30 )))))))))))))))))))))))))))))))
.

2009-11-10 23:13 . 2009-11-10 23:13 -------- d-----w- c:\program files\IrfanView
2009-11-07 02:08 . 2007-12-26 22:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-11-07 02:08 . 2009-11-07 23:06 -------- d-----w- c:\program files\Cheat Engine
2009-11-07 02:08 . 2007-12-26 22:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-11-03 22:52 . 2009-11-03 22:52 -------- d-----w- c:\documents and settings\JC\Local Settings\Application Data\Identities

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 00:47 . 2009-10-18 23:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 23:15 . 2009-10-21 23:15 -------- d-----w- c:\program files\ESET
2009-10-19 21:56 . 2009-10-18 23:36 0 ----a-w- c:\windows\system32\sck236jn.dat
2009-10-19 01:05 . 2009-10-19 01:05 -------- d-----w- c:\program files\Trend Micro
2009-10-19 00:14 . 2006-02-18 15:56 -------- d-----w- c:\program files\Google
2009-10-18 23:51 . 2009-10-18 23:51 -------- d-----w- c:\documents and settings\JC\Application Data\Malwarebytes
2009-10-18 23:51 . 2009-10-18 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-18 23:50 . 2009-10-18 23:35 1 ----a-w- c:\windows\system32\perfc7683.dat
2009-09-11 14:18 . 2006-02-15 14:03 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-10-18 23:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-10-18 23:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2006-02-15 14:03 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 07:07 . 2006-02-16 16:59 67528 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-02 01:48 . 2006-02-15 15:37 87931 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-10-20_23.59.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-30 23:12 . 2009-11-30 23:12 16384 c:\windows\Temp\Perflib_Perfdata_420.dat
- 2008-10-22 09:47 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2006-02-15 14:03 . 2009-08-29 07:36 44544 c:\windows\system32\pngfilt.dll
- 2006-02-15 14:03 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
+ 2006-02-15 14:03 . 2009-11-01 13:27 72134 c:\windows\system32\perfc009.dat
- 2006-02-15 14:03 . 2009-10-17 07:08 72134 c:\windows\system32\perfc009.dat
- 2007-08-13 22:54 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 22:54 . 2009-08-29 07:36 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-02-15 14:02 . 2009-08-29 07:36 27648 c:\windows\system32\jsproxy.dll
- 2006-02-15 14:02 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
+ 2007-08-13 22:39 . 2009-08-28 10:28 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 22:39 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
- 2006-02-15 14:02 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
+ 2006-02-15 14:02 . 2009-08-29 07:36 44544 c:\windows\system32\iernonce.dll
+ 2006-02-15 14:02 . 2009-08-29 07:36 78336 c:\windows\system32\ieencode.dll
- 2006-02-15 14:02 . 2009-06-29 16:12 78336 c:\windows\system32\ieencode.dll
+ 2006-02-15 14:02 . 2009-08-28 10:28 70656 c:\windows\system32\ie4uinit.exe
- 2006-02-15 14:02 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 22:36 . 2009-08-29 07:36 63488 c:\windows\system32\icardie.dll
- 2007-08-13 22:36 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 22:36 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-08-13 22:36 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2009-09-20 14:38 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-20 14:38 . 2009-08-29 07:36 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-08-13 22:54 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 22:54 . 2009-08-29 07:36 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-09-20 14:38 . 2009-08-28 10:28 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2009-09-20 14:38 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-08-13 22:39 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 22:39 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-04-29 04:46 . 2009-08-29 07:36 78336 c:\windows\system32\dllcache\ieencode.dll
- 2009-04-29 04:46 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
- 2007-08-13 22:39 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 22:39 . 2009-08-28 10:28 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-09-20 14:38 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-09-20 14:38 . 2009-08-29 07:36 63488 c:\windows\system32\dllcache\icardie.dll
- 2007-08-13 22:42 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
+ 2007-08-13 22:42 . 2009-08-29 07:36 17408 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-03 22:59 . 2008-04-13 18:40 96512 c:\windows\system32\dllcache\atapi.sys
- 2006-02-15 14:02 . 2009-06-29 16:12 17408 c:\windows\system32\corpol.dll
+ 2006-02-15 14:02 . 2009-08-29 07:36 17408 c:\windows\system32\corpol.dll
+ 2006-02-15 15:41 . 2009-11-30 22:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-02-15 15:41 . 2009-09-18 21:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-02-15 15:41 . 2009-09-18 21:02 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-11-28 22:13 . 2009-11-30 22:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-11-25 08:00 . 2009-11-25 08:00 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-10-22 07:00 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll
+ 2009-10-22 07:00 . 2009-06-29 16:12 52224 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll
+ 2009-10-22 07:00 . 2009-06-29 16:12 27648 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll
+ 2009-10-22 07:00 . 2009-06-29 11:07 13824 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe
+ 2009-10-22 07:00 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\iernonce.dll
+ 2009-10-22 07:00 . 2009-06-29 16:12 78336 c:\windows\ie7updates\KB974455-IE7\ieencode.dll
+ 2009-10-22 07:00 . 2009-06-29 11:07 70656 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe
+ 2009-10-22 07:00 . 2009-06-29 16:12 63488 c:\windows\ie7updates\KB974455-IE7\icardie.dll
+ 2009-10-22 07:00 . 2009-06-29 16:12 17408 c:\windows\ie7updates\KB974455-IE7\corpol.dll
+ 2009-10-22 07:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974455-IE7\update\spcustom.dll
+ 2009-10-22 07:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974455-IE7\spmsg.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 44544 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\pngfilt.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 52224 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\msfeedsbs.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 27648 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\jsproxy.dll
+ 2009-08-28 10:01 . 2009-08-28 10:01 13824 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieudinit.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 44544 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iernonce.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 78336 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieencode.dll
+ 2009-08-28 10:01 . 2009-08-28 10:01 70656 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ie4uinit.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 63488 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\icardie.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 17408 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\corpol.dll
+ 2006-02-15 14:04 . 2009-08-29 07:36 832512 c:\windows\system32\wininet.dll
- 2006-02-15 14:04 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
+ 2006-02-15 14:04 . 2009-08-29 07:36 233472 c:\windows\system32\webcheck.dll
- 2006-02-15 14:04 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
+ 2006-02-15 14:04 . 2009-08-29 07:36 105984 c:\windows\system32\url.dll
- 2006-02-15 14:03 . 2009-10-17 07:08 443034 c:\windows\system32\perfh009.dat
+ 2006-02-15 14:03 . 2009-11-01 13:27 443034 c:\windows\system32\perfh009.dat
- 2006-02-15 14:03 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
+ 2006-02-15 14:03 . 2009-08-29 07:36 102912 c:\windows\system32\occache.dll
- 2006-02-15 14:03 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
+ 2006-02-15 14:03 . 2009-08-29 07:36 671232 c:\windows\system32\mstime.dll
+ 2006-02-15 14:03 . 2009-08-29 07:36 193024 c:\windows\system32\msrating.dll
- 2006-02-15 14:03 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
- 2006-02-15 14:03 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll
+ 2006-02-15 14:03 . 2009-08-29 07:36 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 22:54 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 22:54 . 2009-08-29 07:36 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 22:34 . 2009-08-29 07:36 268288 c:\windows\system32\iertutil.dll
- 2007-08-13 22:34 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll
- 2006-02-15 14:02 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll
+ 2006-02-15 14:02 . 2009-08-29 07:36 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 16:27 . 2009-08-29 07:36 380928 c:\windows\system32\ieapfltr.dll
- 2007-07-11 16:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll
+ 2006-02-15 14:02 . 2009-08-27 05:18 161792 c:\windows\system32\ieakui.dll
- 2006-02-15 14:02 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
- 2006-02-15 14:02 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
+ 2006-02-15 14:02 . 2009-08-29 07:36 230400 c:\windows\system32\ieaksie.dll
+ 2006-02-15 14:02 . 2009-08-29 07:36 153088 c:\windows\system32\ieakeng.dll
- 2006-02-15 14:02 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
- 2006-02-15 07:29 . 2009-09-03 07:07 255864 c:\windows\system32\FNTCACHE.DAT
+ 2006-02-15 07:29 . 2009-11-11 08:19 255864 c:\windows\system32\FNTCACHE.DAT
- 2006-02-15 14:02 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
+ 2006-02-15 14:02 . 2009-08-29 07:36 133120 c:\windows\system32\extmgr.dll
- 2006-02-15 14:02 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
+ 2006-02-15 14:02 . 2009-08-29 07:36 214528 c:\windows\system32\dxtrans.dll
- 2006-02-15 14:02 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
+ 2006-02-15 14:02 . 2009-08-29 07:36 347136 c:\windows\system32\dxtmsft.dll
+ 2007-06-19 23:08 . 2009-04-21 03:12 149768 c:\windows\system32\drivers\WpsHelper.sys
- 2007-06-19 23:08 . 2009-04-21 02:12 149768 c:\windows\system32\drivers\WpsHelper.sys
+ 2009-04-29 04:46 . 2009-08-29 07:36 832512 c:\windows\system32\dllcache\wininet.dll
- 2007-08-13 22:54 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 22:54 . 2009-08-29 07:36 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 22:44 . 2009-08-29 07:36 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-13 22:44 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-13 22:44 . 2009-08-29 07:36 102912 c:\windows\system32\dllcache\occache.dll
- 2007-08-13 22:44 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 22:54 . 2009-08-29 07:36 671232 c:\windows\system32\dllcache\mstime.dll
- 2007-08-13 22:54 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
+ 2007-08-13 22:44 . 2009-08-29 07:36 193024 c:\windows\system32\dllcache\msrating.dll
- 2007-08-13 22:44 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
- 2007-08-13 22:54 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-13 22:54 . 2009-08-29 07:36 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-09-20 14:38 . 2009-08-29 07:36 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2009-09-20 14:38 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-08-13 22:43 . 2009-08-27 05:18 634648 c:\windows\system32\dllcache\iexplore.exe
- 2009-09-20 14:38 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2009-09-20 14:38 . 2009-08-29 07:36 268288 c:\windows\system32\dllcache\iertutil.dll
- 2007-08-13 22:39 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 22:39 . 2009-08-29 07:36 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-09-20 14:38 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-09-20 14:38 . 2009-08-29 07:36 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-08-13 21:56 . 2009-08-27 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
- 2007-08-13 21:56 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 22:39 . 2009-08-29 07:36 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2007-08-13 22:39 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2007-08-13 22:39 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 22:39 . 2009-08-29 07:36 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2007-08-13 22:54 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-13 22:54 . 2009-08-29 07:36 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-13 22:35 . 2009-08-29 07:36 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2007-08-13 22:35 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-13 22:35 . 2009-08-29 07:36 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2007-08-13 22:35 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 22:39 . 2009-08-29 07:36 124928 c:\windows\system32\dllcache\advpack.dll
- 2007-08-13 22:39 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
- 2006-02-15 14:02 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
+ 2006-02-15 14:02 . 2009-08-29 07:36 124928 c:\windows\system32\advpack.dll
+ 2009-11-25 08:00 . 2009-11-25 08:00 429568 c:\windows\Installer\1dfd3487.msi
+ 2009-11-05 08:00 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB976749-IE7\spuninst\updspapi.dll
+ 2009-11-05 08:00 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB976749-IE7\spuninst\spuninst.exe
+ 2009-10-22 07:00 . 2009-06-29 16:12 827392 c:\windows\ie7updates\KB974455-IE7\wininet.dll
+ 2009-10-22 07:00 . 2009-06-29 16:12 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll
+ 2009-10-22 07:00 . 2009-06-29 16:12 105984 c:\windows\ie7updates\KB974455-IE7\url.dll
+ 2009-10-22 07:00 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll
+ 2009-10-22 07:00 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe
+ 2009-10-22 07:00 . 2009-06-29 16:12 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll
+ 2009-10-22 07:00 . 2009-06-29 16:12 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll
+ 2009-10-22 07:00 . 2009-06-29 16:12 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll
+ 2009-10-22 07:00 . 2009-06-29 16:12 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll
+ 2009-10-22 07:00 . 2009-06-29 16:12 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll
+ 2009-10-22 07:00 . 2009-06-29 08:35 634632 c:\windows\ie7updates\KB974455-IE7\iexplore.exe
+ 2009-10-22 07:00 . 2009-06-29 16:12 268288 c:\windows\ie7updates\KB974455-IE7\iertutil.dll
+ 2009-10-22 07:00 . 2009-06-29 16:12 385024 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll
+ 2009-10-22 07:00 . 2009-06-29 16:12 380928 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll
+ 2009-10-22 07:00 . 2009-06-29 08:33 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll
+ 2009-10-22 07:00 . 2009-06-29 16:12 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll
+ 2009-10-22 07:00 . 2009-06-29 16:12 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll
+ 2009-10-22 07:00 . 2009-06-29 16:12 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll
+ 2009-10-22 07:00 . 2009-06-29 16:12 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll
+ 2009-10-22 07:00 . 2009-06-29 16:12 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll
+ 2009-10-22 07:00 . 2009-06-29 16:12 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll
+ 2009-10-22 07:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974455-IE7\update\updspapi.dll
+ 2009-10-22 07:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974455-IE7\update\update.exe
+ 2009-10-22 07:00 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974455-IE7\spuninst.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 840704 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 233472 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\webcheck.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 105984 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\url.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 102912 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\occache.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 671232 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mstime.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 193024 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\msrating.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 477696 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtmled.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 459264 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\msfeeds.dll
+ 2009-08-27 05:18 . 2009-08-27 05:18 634648 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iexplore.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 268288 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iertutil.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 388608 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iedkcs32.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 380928 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieapfltr.dll
+ 2009-08-27 05:18 . 2009-08-27 05:18 161792 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieakui.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 230400 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieaksie.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 153088 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieakeng.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 132608 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\extmgr.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 214528 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\dxtrans.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 347136 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\dxtmsft.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 124928 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\advpack.dll
+ 2009-07-21 05:03 . 2009-07-21 05:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2006-02-15 14:04 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys
+ 2006-02-15 14:04 . 2009-08-29 07:36 1168384 c:\windows\system32\urlmon.dll
+ 2008-08-30 00:06 . 2009-07-31 15:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-21 05:05 . 2009-07-21 05:05 1348432 c:\windows\system32\msxml4.dll
+ 2006-02-15 14:03 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2006-02-15 14:03 . 2009-10-21 04:08 3598336 c:\windows\system32\mshtml.dll
+ 2007-08-13 22:54 . 2009-08-29 07:36 6067200 c:\windows\system32\ieframe.dll
- 2007-08-13 22:54 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll
+ 2009-04-17 12:26 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2009-04-29 04:46 . 2009-08-29 07:36 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2009-07-19 07:13 . 2009-07-31 15:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2009-07-19 07:01 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-04-29 04:46 . 2009-10-21 04:08 3598336 c:\windows\system32\dllcache\mshtml.dll
+ 2009-09-20 14:38 . 2009-08-29 07:36 6067200 c:\windows\system32\dllcache\ieframe.dll
- 2009-09-20 14:38 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-11-05 08:00 . 2009-08-29 07:36 3598336 c:\windows\ie7updates\KB976749-IE7\mshtml.dll
+ 2009-10-22 07:00 . 2009-06-29 16:12 1159680 c:\windows\ie7updates\KB974455-IE7\urlmon.dll
+ 2009-10-22 07:00 . 2009-07-19 23:03 3597824 c:\windows\ie7updates\KB974455-IE7\mshtml.dll
+ 2009-10-22 07:00 . 2009-07-19 13:32 6067200 c:\windows\ie7updates\KB974455-IE7\ieframe.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 1170944 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\urlmon.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 3600384 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 6070784 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieframe.dll
+ 2009-10-21 21:45 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieapfltr.dat
+ 2009-09-02 01:28 . 2009-11-05 17:36 26768832 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2005-12-22 30208]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-11-09 115560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-12-22 04:42 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [12/21/2005 11:55 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [12/21/2005 11:55 PM 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [12/21/2005 11:25 PM 3456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/18/2009 12:53 AM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2009 4:00 PM 102448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 3:55 PM 23888]
.
Contents of the 'Scheduled Tasks' folder

2009-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-07-13 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]

2009-07-13 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\JC\Application Data\Mozilla\Firefox\Profiles\fillbma2.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-eqbqnrip - c:\documents and settings\JC\Local Settings\Application Data\tmskhh\solmsysguard.exe
HKLM-Run-eqbqnrip - c:\documents and settings\JC\Local Settings\Application Data\tmskhh\solmsysguard.exe
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
AddRemove-{2FCE4FC5-6930-40E7-A4F1-F862207424EF} - c:\program files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe REMOVEALL
AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-30 18:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1252)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll

- - - - - - - > 'lsass.exe'(1308)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
.
Completion time: 2009-11-30 18:22
ComboFix-quarantined-files.txt 2009-11-30 23:22
ComboFix2.txt 2009-10-21 04:27
ComboFix3.txt 2009-10-21 00:03

Pre-Run: 15,224,770,560 bytes free
Post-Run: 15,397,937,152 bytes free

- - End Of File - - 66625AC6AD8A697D4CDBDDAAA0ACD827

descriptionAntivirus System Pro virus help needed EmptyRe: Antivirus System Pro virus help needed1st December 2009, 1:39 am

more_horiz
Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

descriptionAntivirus System Pro virus help needed EmptyRe: Antivirus System Pro virus help needed1st December 2009, 3:18 am

more_horiz
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
AIM 6
America Online (Choose which version to remove)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
Bejeweled 2 Deluxe
Blasterball 2 Revolution
Bluetooth Stack for Windows by Toshiba
Bonjour
CD/DVD Drive Acoustic Silencer
Cheat Engine 5.5
Convert AVI to MP4 1.3
DVD-RAM Driver
ESET Online Scanner v3
ESPNMotion
FATE
Full Tilt Poker
GemMaster Mystic
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 4
LiveUpdate 3.3 (Symantec Corporation)
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
mCore
mDrWiFi
Metamail (Toshiba Registration Utility)
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIWA
mLogView
mMHouse
Mozilla Firefox (3.5.5)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mXML
MyConnect Special Offer
mZConfig
Nero 8 Lite 8.3.6.0
Office 2003 Trial Assistant
Otto
PokerStars
Polar Golfer
Pure Networks Port Magic
QuickTime
Realtek High Definition Audio Driver
SCRABBLE
SD Secure Module
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Symantec Endpoint Protection
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Game Console
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA TV Tuner 4.0.12.73
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WildTangent Web Driver
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger
Yahoo! Music Engine

descriptionAntivirus System Pro virus help needed EmptyRe: Antivirus System Pro virus help needed1st December 2009, 10:06 pm

more_horiz
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 4
    Viewpoint Media Player

How is the machine running now?

descriptionAntivirus System Pro virus help needed EmptyRe: Antivirus System Pro virus help needed1st December 2009, 10:27 pm

more_horiz
It is working well tho I havent restarted yet. Also, just a fyi but I had to use rkill first in order to use combofix (even after renaming it). I'll restart and then let you know if anything comes up.

descriptionAntivirus System Pro virus help needed EmptyRe: Antivirus System Pro virus help needed1st December 2009, 10:40 pm

more_horiz
Just restarted and nothing has popped up. Everything looks straight. Thanks for the help. Anything else I need to do now?

descriptionAntivirus System Pro virus help needed EmptyRe: Antivirus System Pro virus help needed1st December 2009, 11:36 pm

more_horiz
We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck. Big Grin

descriptionAntivirus System Pro virus help needed EmptyRe: Antivirus System Pro virus help needed

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum