[Fixed] Hijackthis! Logs - Antivirus System Pro infection, prework done (PC Help Forum, Security & Safety)
#1 - 11-07-2009 (Bronze Member; Join Date: Nov 2009; Posts: 6; PC Experience: Some Experience)
Antivirus System Pro infection, prework done

First, thank you so much for your help. I'm trying to follow all the instructions for posting to the letter.

I first noticed there was a problem when avast alerted me to a .dll file associated with Internet Explorer that had an infection. Moments later a heretofore unseen window popped up as a virus scanner for this malware that looked to be scanning my hard drive. It appears to be the Antivirus System Pro trojan. It sends error messages on opening almost any file or website and shuts some of them down. In addition, it opened its own web pages (a Viagra one, repeatedly) at times in response to me trying to open one. There was a new shield icon in the system tray to represent this program, and as described elsewhere on the web it was a rather official-looking popup urging you to purchase the program so you can be protected.

To disable the popups and alerts I was able to find and end the process jufvsysguard.exe in Task Manager.

I performed a boot-time scan with Avast which did not fix the problem.

Next I downloaded Trend Micro HijackThis and got a report with multiple suspicious entries, but not being well versed in its use, I searched its forums which led me here. I've just completed the prework.
Attached files: RootRepeal.txt (4.6 KB), Attach.txt (19.8 KB)
-- Ttowner
#2 - 11-07-2009 (Bronze Member; Join Date: Nov 2009; Posts: 6; PC Experience: Some Experience)
Paste of DDS.txt

DDS (Ver_09-10-26.01) - NTFSx86
Run by James at 21:41:10.26 on Fri 11/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.573 [GMT -6:00]

AV: avast! antivirus 4.8.1356 [VPS 091106-2] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vVX6000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\James\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [fonconve] c:\documents and settings\james\local settings\application data\vnklhn\jufvsysguard.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [fonconve] c:\documents and settings\james\local settings\application data\vnklhn\jufvsysguard.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe " -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\pdfill\DownloadPDF.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: abc.com\www
Trusted Zone: adobe.com\www
Trusted Zone: cupid.com\www
Trusted Zone: go.com\www.abc
Trusted Zone: google.com\mail
Trusted Zone: okcupid.com\www
Trusted Zone: uab.edu\uabcourses
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} - hxxp://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader.cab
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185481773468
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No File

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-23 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-23 20560]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2007-10-14 2560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-14 24652]
S2 gupdate1ca21eeb3e3921c;Google Update Service (gupdate1ca21eeb3e3921c);c:\program files\google\update\GoogleUpdate.exe [2009-8-20 133104]
S3 mam4410m;mam4410m;c:\windows\system32\drivers\mam4410m.sys [2009-9-30 25044]
S3 mam4410u;mam4410u;c:\windows\system32\drivers\mam4410u.sys [2009-9-30 52309]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2009-5-15 2077840]

=============== Created Last 30 ================

2009-11-07 02:01:18 0 d-----w- c:\program files\Trend Micro
2009-10-24 00:29:24 0 d-----w- c:\documents and settings\james\Logitech
2009-10-24 00:27:55 0 d-----w- c:\program files\common files\Remote Control Software Common
2009-10-24 00:27:33 0 d-----w- c:\program files\common files\Remote Control USB Driver

==================== Find3M ====================

2009-10-19 20:16:16 6336 ----a-w- c:\docume~1\james\applic~1\wklnhst.dat
2009-10-01 00:54:40 20992 ----a-w- c:\windows\jestertb.dll
2009-09-18 02:08:13 48744 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 00:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2008-11-16 13:31:06 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111620081117\index.dat

============= FINISH: 21:41:32.60 ===============
-- Ttowner
#3 - 11-07-2009 (Bronze Member; Join Date: Nov 2009; Posts: 6; PC Experience: Some Experience)
Paste of checkup.txt

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Antivirus
SonicStage Mastering Studio Audio Filter Custom Preset
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

SpySubtract
HijackThis 2.0.2
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.5
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````
-- Ttowner
#4 - 11-07-2009 - Pancake (Senior Security Analyst; Join Date: Jun 2006; Location: Victoria, Australia; Posts: 8,304; PC Experience: Elite PC Guru)
Re: Antivirus System Pro infection, prework d

You will need to download ComboFix.exe. Download ComboFix from any of the links below. You must rename it before saving it. Name it ComFx, and save it to your desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop *
It is important that it is saved and renamed following this process directly to your desktop.

========================================
Please copy this page to *Notepad* and save to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Open *Notepad* and copy/paste the red text in the quotebox below into it:

File::
c:\documents and settings\james\local settings\application data\vnklhn\jufvsysguard.exe
Folder::
c:\documents and settings\james\local settings\application data\vnklhn
c:\program files\viewpoint
Registry::
DDS::
uRun: [fonconve] c:\documents and settings\james\local settings\application data\vnklhn\jufvsysguard.exe
mRun: [fonconve] c:\documents and settings\james\local settings\application data\vnklhn\jufvsysguard.exe

Save this as CFScript.txt, in the same location as ComboFix.exe, which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste ComboFix.txt in your next reply.

*Note: Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall. Altering this script in any way could damage your computer.*
-- Pancake
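The two technical pieces of this thread are the autorun lines in the DDS "Pseudo HJT Report" (post #2), where the analyst spotted the same unquoted executable registered under both uRun and mRun from a randomly named folder in the user's profile, and the CFScript he built from them (post #4). The script below is an added example, not code from the forum, from DDS or from ComboFix: it parses constructed DDS Run lines, applies triage heuristics that are assumptions of this example (a target under the user's Application Data directory, generated-looking folder and file names that do not match the registry value name, the same target persisted in more than one Run hive), and drafts a CFScript in the File::/Folder::/DDS:: layout Pancake posted. Any draft it produces is a starting point for a human reviewer, not something to hand to ComboFix unread.

```python
"""Triage DDS autorun entries and draft a ComboFix CFScript from the flagged ones.

Added example for this thread, not a tool from the forum or from the DDS/ComboFix
authors. The heuristics, the sample lines and the helper names are assumptions of
this example; the CFScript layout copies the one posted in reply #4.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a subset of the uRun/mRun/dRun lines from the DDS report in post #2.
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [fonconve] c:\documents and settings\james\local settings\application data\vnklhn\jufvsysguard.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [fonconve] c:\documents and settings\james\local settings\application data\vnklhn\jufvsysguard.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
"""

# DDS prefixes: uRun = HKCU, mRun = HKLM, dRun = HKU\.DEFAULT Run keys.
RUN_LINE = re.compile(r'^(?P<hive>[umd])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# DDS does not quote paths that contain spaces, so take the shortest prefix that ends
# in an executable extension (for "RUNDLL32.EXE c:\...\x.dll,Entry" this is rundll32.exe).
EXE_PATH = re.compile(r'^(?P<path>.+?\.(?:exe|dll|scr|com|bat|cmd|vbs|pif))(?=[\s,]|$)', re.IGNORECASE)
# Per-user, user-writable profile data directories on Windows XP (paths are lowercased first).
USER_DATA_DIR = re.compile(r'\\documents and settings\\[^\\]+\\(?:local settings\\)?application data\\')
# Heuristic for generated names: a run of lowercase letters with no digits or separators.
GENERATED_NAME = re.compile(r'^[a-z]{5,12}$')


@dataclass(frozen=True)
class RunEntry:
    hive: str   # 'u', 'm' or 'd'
    name: str   # registry value name, as shown in brackets
    path: str   # executable path, lowercased, quotes and arguments stripped


def extract_path(cmd):
    """Return the executable path from a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_PATH.match(cmd)
    return m.group('path') if m else cmd


def parse_run_entries(text):
    """Parse every uRun:/mRun:/dRun: line of a DDS report into RunEntry objects."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append(RunEntry(m.group('hive'), m.group('name'),
                                    extract_path(m.group('cmd')).lower()))
    return entries


def suspicious_reasons(entry, hives_by_path):
    """Return the reasons an entry is flagged, or [] if it is not.

    A target inside a user-writable profile directory is required; generated-looking
    names or duplicated persistence are the corroboration (assumed heuristic).
    """
    folder, _, filename = entry.path.rpartition('\\')
    leaf = folder.rpartition('\\')[2]
    stem = filename.rsplit('.', 1)[0]
    reasons = []
    if GENERATED_NAME.match(leaf) and GENERATED_NAME.match(stem) and entry.name.lower() != stem:
        reasons.append('folder "%s" and file "%s" look generated and value name "%s" matches neither'
                       % (leaf, stem, entry.name))
    hives = hives_by_path[entry.path]
    if len(hives) > 1:
        reasons.append('same target registered in %d Run hives (%s)' % (len(hives), ','.join(sorted(hives))))
    if not (USER_DATA_DIR.search(entry.path) and reasons):
        return []
    return ['target lives in a user-writable profile data directory'] + reasons


def find_suspicious(entries):
    """Return [(entry, reasons)] for every entry the heuristics flag, in report order."""
    hives_by_path = defaultdict(set)
    for e in entries:
        hives_by_path[e.path].add(e.hive)
    flagged = []
    for e in entries:
        reasons = suspicious_reasons(e, hives_by_path)
        if reasons:
            flagged.append((e, reasons))
    return flagged


def draft_cfscript(entries):
    """Draft a CFScript (File::/Folder::/DDS:: sections, as in reply #4) for the given entries."""
    files, folders, dds = [], [], []
    for e in entries:
        if e.path not in files:
            files.append(e.path)
        folder = e.path.rpartition('\\')[0]
        if folder not in folders:
            folders.append(folder)
        dds.append('%sRun: [%s] %s' % (e.hive, e.name, e.path))
    return '\n'.join(['File::', *files, 'Folder::', *folders, 'DDS::', *dds]) + '\n'


if __name__ == '__main__':
    flagged = find_suspicious(parse_run_entries(SAMPLE_DDS))
    for entry, reasons in flagged:
        print('%sRun [%s] %s' % (entry.hive, entry.name, entry.path))
        for r in reasons:
            print('   -', r)
    print('\nDraft CFScript (review before use):\n')
    print(draft_cfscript([e for e, _ in flagged]))
```

Run against the constructed sample it flags only the two [fonconve] entries: ctfmon.exe, ehTray and the Program Files targets fail the profile-directory test, which is what keeps legitimate lowercase names such as ehome\ehtray.exe out of the draft. The draft it prints matches the File::, Folder:: and DDS:: sections of Pancake's script for the vnklhn folder; the c:\program files\viewpoint folder and the empty Registry:: section in his version were judgement calls a heuristic like this would not make on its own.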
#5 - 11-07-2009 (Bronze Member; Join Date: Nov 2009; Posts: 6; PC Experience: Some Experience)
Antivirus System Pro ComboFix Script

Here it is Pancake, thanks a lot!

ComboFix 09-11-07.02 - James 11/07/2009 16:25.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.627 [GMT -6:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\James\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1356 [VPS 091107-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\james\local settings\application data\vnklhn\jufvsysguard.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\james\local settings\application data\vnklhn
c:\documents and settings\james\local settings\application data\vnklhn\jufvsysguard.exe
c:\program files\viewpoint
c:\program files\viewpoint\Common\ViewpointService.exe
c:\program files\viewpoint\Common\VistaBoot.sdll
c:\program files\viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\viewpoint\Viewpoint Media Player\ComponentMgr.dll
c:\program files\viewpoint\Viewpoint Media Player\ComponentRegistry.ini
c:\program files\viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
c:\program files\viewpoint\Viewpoint Media Player\Components\Cursors.dll
c:\program files\viewpoint\Viewpoint Media Player\Components\JpegReader.dll
c:\program files\viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
c:\program files\viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
c:\program files\viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
c:\program files\viewpoint\Viewpoint Media Player\Components\SWFView.dll
c:\program files\viewpoint\Viewpoint Media Player\Components\VETScriptInterpreter.dll
c:\program files\viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
c:\program files\viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
c:\program files\viewpoint\Viewpoint Media Player\HostRegistry.ini
c:\program files\viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
c:\program files\viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
c:\program files\viewpoint\Viewpoint Media Player\npViewpoint.dll
c:\program files\viewpoint\Viewpoint Media Player\npViewpoint.xpt
c:\recycler\S-1-5-21-2000478354-507921405-682003330-500
c:\recycler\S-1-5-21-2634500395-3238792933-1943350455-500
c:\recycler\S-1-5-21-3154062926-1696613317-3751530460-500
c:\windows\Downloaded Program Files\CpnMgr.dll
c:\windows\jestertb.dll
c:\windows\kb913800.exe
c:\windows\setup.exe
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif

.
((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-11-07 02:01 . 2009-11-07 02:01 -------- d-----w- c:\program files\Trend Micro
2009-10-24 00:29 . 2009-10-24 00:31 -------- d-----w- c:\documents and settings\James\Logitech
2009-10-24 00:27 . 2009-10-24 00:30 -------- d-----w- c:\program files\Common Files\Remote Control Software Common
2009-10-24 00:27 . 2009-10-24 00:27 -------- d-----w- c:\program files\Logitech
2009-10-24 00:27 . 2009-10-24 00:27 -------- d-----w- c:\program files\Common Files\Remote Control USB Driver
2009-10-24 00:26 . 2009-10-24 00:26 -------- d-----w- c:\documents and settings\James\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 22:34 . 2007-10-15 03:16 1185 --sha-w- c:\windows\system32\mmf.sys
2009-10-24 00:27 . 2004-11-24 19:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-19 20:16 . 2007-07-27 22:35 6336 ----a-w- c:\documents and settings\James\Application Data\wklnhst.dat
2009-10-15 15:31 . 2009-02-14 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Tencent
2009-10-15 15:30 . 2007-07-18 17:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-15 15:28 . 2007-10-14 14:41 -------- d-----w- c:\program files\AIM6
2009-10-14 15:14 . 2007-07-18 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-14 13:12 . 2008-02-24 04:38 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-10-14 13:12 . 2008-02-24 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-14 13:12 . 2008-02-24 04:38 1680064 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-10-03 02:44 . 2009-10-03 02:43 -------- d-----w- c:\program files\iTunes
2009-10-03 02:43 . 2009-10-03 02:43 -------- d-----w- c:\program files\iPod
2009-10-03 02:43 . 2008-01-03 00:13 -------- d-----w- c:\program files\Common Files\Apple
2009-10-03 02:33 . 2009-10-03 02:33 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-02 11:23 . 2009-10-02 11:23 52288 ----a-w- c:\documents and settings\James\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-10-02 11:23 . 2009-10-02 11:23 64000 ----a-w- c:\documents and settings\James\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-10-02 11:23 . 2009-10-02 11:23 50688 ----a-w- c:\documents and settings\James\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-10-02 11:23 . 2009-10-02 11:23 114688 ----a-w- c:\documents and settings\James\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
2009-10-01 00:35 . 2009-10-01 00:35 -------- d-----w- c:\program files\BitPim
2009-09-18 02:08 . 2009-09-18 02:08 48744 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-18 00:36 . 2008-01-03 00:14 -------- d-----w- c:\documents and settings\James\Application Data\Apple Computer
2009-09-18 00:34 . 2007-12-21 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-18 00:33 . 2009-09-18 00:33 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-18 00:32 . 2009-05-29 16:22 -------- d-----w- c:\program files\Safari
2009-09-18 00:27 . 2009-09-18 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-18 00:23 . 2009-09-18 00:23 -------- d-----w- c:\program files\QuickTime
2009-09-16 02:39 . 2009-09-16 02:39 17204720 ----a-w- c:\documents and settings\James\Application Data\Real\Update\setup\rp\.exe
2009-09-16 02:38 . 2009-09-16 02:38 8406648 ----a-w- c:\documents and settings\James\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-09-16 02:38 . 2009-09-16 02:38 10309448 ----a-w- c:\documents and settings\James\Application Data\Real\Update\setup\chr\ChromeInstaller.exe
2009-09-15 23:50 . 2008-10-10 03:44 488968 ----a-w- c:\documents and settings\James\Application Data\Real\Update\setup\setup.exe
2009-09-15 23:50 . 2009-09-15 23:50 488968 ----a-w- c:\documents and settings\James\Application Data\Real\Update\temp\~Upg0\setup.exe
2009-09-15 10:59 . 2009-02-23 12:45 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-02-23 12:45 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-02-23 12:45 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-02-23 12:45 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-02-23 12:45 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-02-23 12:45 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-02-23 12:45 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-02-23 12:45 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-02-23 12:45 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-11 14:18 . 2004-11-24 17:37 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 08:21 . 2008-02-24 15:41 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2004-11-24 17:37 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-11-24 17:37 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 00:42 . 2009-05-29 16:25 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 00:42 . 2008-01-03 00:13 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:00 . 2004-11-24 17:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-10 21:36 . 2007-07-18 16:45 57000 ----a-w- c:\documents and settings\James\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-23 5406720]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"VX6000"="c:\windows\vVX6000.exe" [2008-08-04 713744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-09-21 2807808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=c:\windows\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
backup=c:\windows\pss\SpySubtract.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^James^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\James\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCardSvr"=3 (0x3)
"VzCdbSvc"=2 (0x2)
"VAIO Entertainment TV Device Arbitration Service"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/23/2009 6:45 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/23/2009 6:45 AM 20560]
S2 gupdate1ca21eeb3e3921c;Google Update Service (gupdate1ca21eeb3e3921c);c:\program files\Google\Update\GoogleUpdate.exe [8/20/2009 5:33 PM 133104]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [10/14/2007 9:16 PM 2560]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 mam4410m;mam4410m;c:\windows\system32\drivers\mam4410m.sys [9/30/2009 6:48 PM 25044]
S3 mam4410u;mam4410u;c:\windows\system32\drivers\mam4410u.sys [9/30/2009 6:48 PM 52309]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [5/15/2009 8:02 PM 2077840]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-11-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-19 23:30]

2009-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-20 23:33]

2009-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-20 23:33]

2007-07-18 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-24 00:12]

2009-11-07 c:\windows\Tasks\User_Feed_Synchronization-{555EF712-4844-4E52-ACFA-30CE9F0C1CC5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: abc.com\www
Trusted Zone: adobe.com\www
Trusted Zone: cupid.com\www
Trusted Zone: go.com\www.abc
Trusted Zone: google.com\mail
Trusted Zone: okcupid.com\www
Trusted Zone: uab.edu\uabcourses
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-11-07 16:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \DA9879757777DAE8]
"1"=hex:ed,4b,4a,ed,15,23,49,74,5a,62,6c,ea,06,f6,a6,df
"2"=hex:a9,40,80,f3,45,2c,d5,a1,17,53,11,d7,21,de,a4,9e,70,5f,a0,52,5b,27,ae,
65,1c,9d,59,02,eb,37,2c,7a,87,23,4c,1a,3f,83,53,96
"3"=hex:ed,4b,4a,ed,15,23,49,74,b0,26,52,ff,a0,7d,07,31,e6,5f,d4,da,fb,3f,90,
71,75,14,ea,42,77,9a,7a,ec,d4,b7,cc,3b,f4,0a,33,5b,a4,1e,da,46,25,2d,2a,72,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \DA9879757777DAE8\A4C6DC1D7052183A161573F7BA846387]
"1"=hex:1a,dd,98,10,b1,7c,5d,e1
"2"=hex:6b,cf,50,60,d4,f4,a0,2f
"3"=hex:e2,fd,43,c9,b2,f4,55,87,89,e8,5e,f5,63,86,27,ea,18,1f,26,98,b3,12,77,
f6,6a,64,c3,9b,a6,d8,44,a1,2b,f6,18,28,7e,ae,24,83,59,30,d7,1b,4c,de,a7,52,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:d0,5b,15,67,a5,cf,ea,5c,30,4f,40,6d,57,22,43,6c,50,5c,11,a0,c4,0f,5f,
5e,6c,a8,15,95,d9,89,a2,48,c3,42,fa,46,3f,5c,76,c1,1e,51,25,ef,bf,0c,81,7e,\
"7"=hex:ed,4b,4a,ed,15,23,49,74,5a,02,d0,c7,f9,dd,f2,e5,3e,e0,99,3d,a8,68,9c,
4f,1f,71,fc,13,23,3b,2c,6b,94,db,ee,08,97,0d,d7,27,bf,b9,1b,eb,26,77,8c,fe,\
"8"=hex:44,ae,ca,89,42,75,53,6e,7f,49,0a,2d,ab,58,38,b1,de,f7,66,5c,8d,17,55,
8c,07,99,c8,1d,79,06,01,73,5d,64,bf,29,82,1e,c6,81
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:d0,71,12,cb,08,b7,a7,d6
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:d6,66,55,c8,d6,66,67,8c,b5,38,b4,4f,7a,96,38,2d,c0,17,e9,35,4c,d8,10,
12,ac,f2,c0,a9,e4,44,f9,ad,5e,61,6f,f3,65,bf,81,f6,4d,f3,d5,e3,4f,b0,41,82,\
"13"=hex:a5,62,63,39,78,e5,7d,eb,38,73,18,3f,73,67,3a,8a,6b,6b,d3,95,e4,06,13,
14
"14"=hex:0d,a3,f0,13,5a,b2,4b,be,11,13,f0,3c,be,44,35,ac
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:c0,b0,ed,c0,2a,26,18,a8,33,cd,43,5d,5c,90,08,e3
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:e4,a5,5d,5e,fa,0a,a9,3a,71,b7,62,0d,42,79,fc,f3,e7,f0,34,97,dd,83,2f,
38,f6,57,d9,da,96,12,18,e9,dd,85,67,45,fb,b9,29,30,36,c0,34,56,f7,60,7a,cc,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1044)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-11-07 16:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-07 22:40

Pre-Run: 99,484,618,752 bytes free
Post-Run: 103,856,619,520 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 4CECEB273FB7CF5D56368545B76AB4C5
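The log above is ComboFix output in its fixed layout: one line per service or driver, a two-line record per scheduled task. As an added example (not code from the original post, and not ComboFix's own code), here is a small Python parser for those two sections, which are the ones a triager reads first, plus two review-prompt heuristics: an entry whose file ComboFix could not stat (it prints [?] instead of a timestamp and size), and a service binary that sits directly in c:\windows rather than in system32 or a vendor folder. The sample lines are constructed to match entries in the log; the reading of the R/S prefix as running/stopped and of the digit as the start type is an assumption about ComboFix's format; and a flag is a prompt for a human to look, not a verdict (the reply that follows judged this log clean).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the layout ComboFix uses for its service/driver list and
# its 'Scheduled Tasks' dump; the entries mirror ones in the log above.
SAMPLE_LOG = r"""R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/23/2009 6:45 AM 20560]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [10/14/2007 9:16 PM 2560]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [5/15/2009 8:02 PM 2077840]

Contents of the 'Scheduled Tasks' folder

2009-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-20 23:33]
"""

# Assumption about the prefix: R = running, S = stopped; the digit is the service
# start type (0 boot, 1 system, 2 auto, 3 on demand, 4 disabled).
SERVICE_RE = re.compile(r'^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$')
TASK_RE = re.compile(r'^(\d{4}-\d{2}-\d{2})\s+(\S.*?\.job)\s*$', re.IGNORECASE)
TASK_TARGET_RE = re.compile(r'^-\s+(.*?)\s+\[([^\]]*)\]\s*$')


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    path: str
    timestamp: Optional[str]   # None when ComboFix printed [?]
    size: Optional[int]        # None when ComboFix printed [?]


@dataclass
class TaskEntry:
    last_run: str      # date in front of the .job path
    job: str
    target: str        # executable the job runs
    target_stamp: str  # file timestamp ComboFix printed for the target


def _clean_path(raw: str) -> str:
    """Keep the resolved side of '"image path" --> resolved path' and drop quotes."""
    if ' --> ' in raw:
        raw = raw.split(' --> ', 1)[1]
    return raw.strip().strip('"')


def _parse_meta(meta: str):
    """'m/d/yyyy h:mm AM size' -> (timestamp, size); '?' -> (None, None)."""
    parts = meta.split()
    if len(parts) != 4:
        return None, None
    date, clock, ampm, size = parts
    return f"{date} {clock} {ampm}", int(size)


def parse_services(text: str) -> List[ServiceEntry]:
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, start, name, display, rawpath, meta = m.groups()
        stamp, size = _parse_meta(meta)
        entries.append(ServiceEntry(state == 'R', int(start), name.strip(),
                                    display.strip(), _clean_path(rawpath), stamp, size))
    return entries


def parse_tasks(text: str) -> List[TaskEntry]:
    """Pair each 'date path.job' header with the '- target [stamp]' line under it."""
    tasks = []
    lines = text.splitlines()
    for i, line in enumerate(lines[:-1]):
        m = TASK_RE.match(line)
        t = TASK_TARGET_RE.match(lines[i + 1]) if m else None
        if m and t:
            tasks.append(TaskEntry(m.group(1), m.group(2), t.group(1), t.group(2)))
    return tasks


def flag_services(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Review prompts only; an entry here is not a malware verdict."""
    flags = {}
    for e in entries:
        reasons = []
        if e.size is None:
            reasons.append("no timestamp/size recorded ([?]); file could not be inspected")
        if re.match(r'^c:\\windows\\[^\\]+$', e.path.lower()):
            reasons.append("binary sits directly in c:\\windows, not system32 or a vendor folder")
        if reasons:
            flags[e.name] = reasons
    return flags


if __name__ == "__main__":
    services = parse_services(SAMPLE_LOG)
    for svc in services:
        print(svc)
    for task in parse_tasks(SAMPLE_LOG):
        print(task)
    for name, why in flag_services(services).items():
        print(name, "->", "; ".join(why))
```

Run it against a saved ComboFix.txt by reading the file into the string instead of SAMPLE_LOG; the two heuristics are deliberately narrow so that a flagged entry is something to look up, not something to delete.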
Old 11-07-2009   #6
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 8,304
PC Experience: Elite PC Guru
Re: Antivirus System Pro infection, prework done

I don't see any sign of malware now. It all looks fine.

This will clear away any of the files and folders that were created by ComboFix.
Go to :
Start > Run, then copy and paste the following text into the box and click OK.

ComboFix /u

Please read these for future reference; it may save you future problems with malware:

http://www.pchelpforum.com/fixed-hij...afterwork.html
http://www.pchelpforum.com/fixed-hij...happening.html
http://www.pchelpforum.com/fixed-hij...-infected.html
Old 11-07-2009   #7
Ttowner
Bronze Member
Join Date: Nov 2009
Posts: 6
PC Experience: Some Experience
Thanks!

You guys are amazing and so helpful. I am in your debt. Once more thanks for all the help. I will review the links you posted.
Ttowner