Cannot Stop Antivirus 2009 Popups!
I have a few issues here, not sure what I can do.
Haven't had much help so far from anyone.
See attached files, if they will help?
I have run a scan with BitDefender and for some reason it won't even save a scan log!!!! So I can't show you what it has found.
I believe it found around 6 viruses, some trojans.
The last one I found was the following, Trojan.Generic.368316, and it couldn't be deleted or dealt with in any way!!!
Attachments: sysdump.tar, BDFileInfo.log
Comments
Hello imhardlyeva@hotmail.com,
Can you please download ComboFix? You will find it here. Print the following instructions and read them carefully. Please post the output of the scan in your next post, so I or someone else can see if there are still some infections.
Kind regards,
Niels
ComboFix 08-07-21.2 - JARROD 2008-07-23 11:12:45.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1147 [GMT -7:00]
Running from: C:\Users\JARROD.JARRODS.002\DOWNLOADS\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\ContextTool
C:\Program Files\ContextTool\ContextHelper.dat
C:\Program Files\ContextTool\pcre3.dll
C:\Program Files\ContextTool\uninstall.exe
C:\Windows\system32\arrhmdec.dll
C:\Windows\system32\calnlofo.ini
C:\Windows\system32\dehwsemo.dll
C:\Windows\System32\dhdvcgus.ini
C:\Windows\system32\gogkpwbp.dll
C:\Windows\System32\IOrqAJlm.ini
C:\Windows\System32\IOrqAJlm.ini2
C:\Windows\system32\ipfajbqt.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mlJAqrOI.dll
C:\Windows\system32\msmrvemb.dll
C:\Windows\system32\ofolnlac.dll
C:\Windows\System32\OrXHOqru.ini
C:\Windows\System32\OrXHOqru.ini2
C:\Windows\system32\sysogg.dll
C:\Windows\system32\urqOHXrO.dll
C:\Windows\system32\uylswntd.dll
C:\Windows\system32\zdaqkb.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.
2008-07-23 11:09 . 2008-07-23 11:10 <DIR> d-------- C:\327882R2FWJFW
2008-07-22 23:42 . 2008-07-22 23:42 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-22 19:27 . 2008-07-22 19:52 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-22 19:27 . 2008-07-22 19:52 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-22 19:27 . 2008-07-22 19:30 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-22 18:18 . 2008-07-22 18:18 <DIR> d-------- C:\Users\JARROD.JARRODS.002\AppData\Roaming\BitDefender
2008-07-22 18:15 . 2008-07-22 18:18 <DIR> d-------- C:\Users\All Users\BitDefender
2008-07-22 18:15 . 2008-07-22 18:18 <DIR> d-------- C:\ProgramData\BitDefender
2008-07-22 18:15 . 2008-07-22 18:15 <DIR> d-------- C:\Program Files\BitDefender
2008-07-22 18:13 . 2008-07-22 18:15 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-07-22 17:57 . 2008-07-22 17:57 <DIR> d-------- C:\Local Settings
2008-07-22 11:10 . 2008-07-22 11:12 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-07-22 11:10 . 2008-07-22 11:12 <DIR> d-------- C:\ProgramData\Lavasoft
2008-07-22 11:10 . 2008-07-22 11:10 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-22 11:09 . 2008-07-22 11:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-22 10:58 . 2008-07-22 11:05 <DIR> d-a------ C:\Users\All Users\TEMP
2008-07-22 10:58 . 2008-07-22 11:05 <DIR> d-a------ C:\ProgramData\TEMP
2008-07-22 10:57 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-07-21 16:40 . 2008-07-21 19:50 <DIR> d-------- C:\Users\JARROD.JARRODS.002\DoctorWeb
2008-07-12 05:53 . 2008-07-12 05:55 674,074 --a------ C:\Windows\unins000.exe
2008-07-12 05:53 . 2006-09-27 14:56 110,592 --a------ C:\Windows\System32\vcmimm4.dll
2008-07-12 05:53 . 2008-07-12 05:55 1,072 --a------ C:\Windows\unins000.dat
2008-07-11 12:55 . 2008-06-25 18:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-11 12:55 . 2008-06-25 18:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-11 12:55 . 2008-06-25 20:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-09 07:16 . 2008-04-26 01:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-09 07:16 . 2008-04-26 01:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-09 07:16 . 2008-04-26 01:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-09 07:16 . 2008-04-11 20:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-09 07:16 . 2008-05-09 20:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-07-09 07:16 . 2008-04-04 18:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-07-09 07:16 . 2008-04-04 20:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-07-09 07:15 . 2008-05-08 14:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-09 07:15 . 2008-05-08 14:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-09 07:15 . 2008-05-08 14:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-09 07:15 . 2008-05-08 14:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-09 07:15 . 2008-05-08 14:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-09 07:15 . 2008-05-08 14:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-09 07:15 . 2008-05-08 14:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-07-03 10:32 . 2008-07-23 11:29 81,984 --a------ C:\Windows\System32\bdod.bin
2008-07-01 15:56 . 2008-07-21 17:15 <DIR> d-------- C:\Netgear
2008-06-28 11:02 . 2008-06-28 11:02 <DIR> d-------- C:\Program Files\Morgan
2008-06-28 11:02 . 2002-11-15 05:11 77,824 --a------ C:\Windows\System32\MMSwitch.dll
2008-06-28 11:02 . 2002-11-18 08:02 40,960 --a------ C:\Windows\System32\MMAVILNG.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 17:42 63,128 ----a-w C:\Users\JARROD.JARRODS.002\AppData\Roaming\nvModes.dat
2008-07-22 17:57 --------- d-----w C:\Users\JARROD.JARRODS.002\AppData\Roaming\Download Manager
2008-07-22 00:17 --------- d-----w C:\Users\JARROD.JARRODS.002\AppData\Roaming\LimeWire
2008-07-19 19:06 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-10 10:10 --------- d-----w C:\Program Files\Windows Mail
2008-06-30 18:49 --------- d-----w C:\Program Files\LimeWire
2008-06-02 23:16 86,792 ----a-w C:\Windows\system32\drivers\bdfndisf.sys
2008-05-29 18:06 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-05-24 01:26 --------- d-----w C:\Users\JARROD.JARRODS.002\AppData\Roaming\DivX
2008-05-24 00:50 --------- d-----w C:\Users\JARROD.JARRODS.002\AppData\Roaming\LG Electronics
2008-05-24 00:44 --------- d-----w C:\Program Files\DivX
2008-05-24 00:13 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-05-24 00:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 00:04 --------- d-----w C:\Program Files\LG PC Suite 2
2008-05-24 00:04 --------- d-----w C:\Program Files\LG Electronics
2008-05-23 00:32 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-23 00:28 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-20 08:49 174 --sha-w C:\Program Files\desktop.ini
2008-05-20 08:18 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-20 08:17 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-20 07:30 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-05-20 07:30 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-05-16 18:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-05-13 01:53 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-13 01:53 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-13 01:51 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2007-11-22 19:25 22,328 ----a-w C:\Users\JARROD.JARRODS.002\AppData\Roaming\PnkBstrK.sys
2007-10-26 17:46 1,145,896 ----a-w C:\Program Files\GoogleToolbarInstaller.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 12:22 3186440 --a------ C:\Program Files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 12:22 3186440 --a------ C:\Program Files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 15:22 417792]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-06 16:05 171448]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-07 20:48 963072]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 09:12 1029416]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 09:30 405504]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2007-11-14 11:38 49416]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-06 16:05 185896]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-12 18:40 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-12 18:40 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-12 18:40 81920]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-23 19:16 368640]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-06 02:50 4374528 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-02 22:38:14 2756608]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-04-22 09:43:23 91440]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-16 19:30:45 784912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 12:07 96008 C:\Windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\system32\__c00A6144.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.divxa32"= divxa32.acm
"vidc.imm4"= vcmimm4.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\Windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-05-07 20:48 963072 C:\Program Files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-10-23 15:18 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-02 19:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 21:16 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-06 16:05 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2249877449-3608405973-2885732789-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AB3AEB0D-516A-4BEC-A120-FAE673166A6B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{2E608778-360F-45F1-8640-9A8B903C1E5F}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{2EB05168-39B1-481A-AF48-3BF9100547DE}C:\\program files\\aresgalaxydownloaderp2p\\aresgalaxydownloader.exe"= UDP:C:\program files\aresgalaxydownloaderp2p\aresgalaxydownloader.exe:AresGalaxyDownloader
"UDP Query User{4C783992-6CB7-4BED-9DF1-87FFF479C3AB}C:\\program files\\aresgalaxydownloaderp2p\\aresgalaxydownloader.exe"= TCP:C:\program files\aresgalaxydownloaderp2p\aresgalaxydownloader.exe:AresGalaxyDownloader
"{97ED723E-2EDD-4CAC-81AA-ACCE8BAD9F94}"= UDP:C:\Windows\Temp\~osD9DB.tmp\ossproxy.exe:ossproxy.exe
"{D0780B01-8609-4161-B021-156BE77BC496}"= UDP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe
"{412ED02F-CFF1-4A28-B26B-AC4953F458B4}"= TCP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe
"TCP Query User{B86DFAA7-DFDA-4F0F-A0E1-D00528238108}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{E1053654-D5AE-4219-BB3F-E2FAC274BF36}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{D9EDE6E1-8107-4B17-8C9C-8EE9D658D418}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{C8E6EA13-DDA9-4BFD-9FFF-DD99DA5DD77D}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{C0A233DE-7B46-4A46-B56C-E6959E7F4695}C:\\program files\\optusnet dsl internet\\dsc.exe"= UDP:C:\program files\optusnet dsl internet\dsc.exe:OptusNet Desktop Service Centre
"UDP Query User{C3218300-BB0D-421E-92A0-3C2DC03C508C}C:\\program files\\optusnet dsl internet\\dsc.exe"= TCP:C:\program files\optusnet dsl internet\dsc.exe:OptusNet Desktop Service Centre
"TCP Query User{10B21A88-9597-479D-9310-9D45DE812F66}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{123E1A32-D81C-4EF2-8697-55338C9C6EA7}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"{2391B21E-2F5B-43CF-B5D0-DEB307EDBD44}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{788FFCCA-FFEA-46F9-8F05-CCB7C936CD24}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8D98D870-043D-42EE-96C5-4766AC8FAF40}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{8F602349-8745-436F-8A00-0F3F10EF12AA}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{378DAF26-9013-4AB5-8370-116D61360692}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{B1AC4CD4-A5E3-4827-AFD2-3564D7EAC9D4}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{E3385FD9-EC34-499B-A663-E8093902A313}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{236961D4-A306-4703-A97E-36CEB66A8A67}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{29B1FEE6-5D3D-49FB-BEA2-107201CE06E2}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:AVG Control Center
"{18244FA0-7D6C-4783-8E5C-DC6F7F5BF03A}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:AVG Control Center
"{450B4A47-5F07-4173-B953-D80EFEBEDB8A}"= UDP:C:\Program Files\Grisoft\AVG7\avgw.exe:AVG Test Center
"{5A6FD600-F65E-4794-B089-D623C7EAFC3B}"= TCP:C:\Program Files\Grisoft\AVG7\avgw.exe:AVG Test Center
"{97FCFD57-0608-4026-867E-91D256725F5F}"= UDP:C:\Program Files\Grisoft\AVG7\avgvv.exe:AVG Virus Vault
"{ED60DECF-9A7B-4430-B8BF-1A81913A387C}"= TCP:C:\Program Files\Grisoft\AVG7\avgvv.exe:AVG Virus Vault
"{6F5AA93A-4477-4463-8566-207EC2375A9E}"= UDP:C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe:AVG Anti-Spyware
"{F451CC08-85F5-4296-BDF0-6277B4DD7548}"= TCP:C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe:AVG Anti-Spyware
"TCP Query User{5F13D175-E3E8-481F-B77B-01F9246884D2}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{F03AB11E-E355-49FB-97AC-6F3FFB9D197C}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"{5AA69953-DBB5-457B-A63A-1F60B25D77EA}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{4CBC1A1A-1B02-4DA9-91EE-13247306DE2A}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{2866677A-DAE8-4C9F-AE55-BA3BEDCE911A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7BE5FB5E-5C31-4F18-B7E0-70A4BEDEDD7D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D0AF0721-85CF-4F45-BF6D-B049E4155ED7}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F264CB5B-B40A-4B44-AA03-B45E60DD3A93}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{C9F8D942-5B50-48BF-A3CF-A68F764FD404}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{604D76B2-736C-4086-A7C8-A4D58D31A8DA}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F417D172-28C9-4087-8AE8-D156CEAE87D3}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{260EBC62-CC15-48D5-A103-DCD267217650}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{C559D763-A74E-4345-ABA7-55624A2EACBF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-06-02 16:16]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 23:11]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16:20]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-BMad897e68 - C:\Windows\system32\uylswntd.dll
MSConfigStartUp-!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page =
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O16 -: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
C:\Windows\Downloaded Program Files\OSDED4D.OSD
C:\Windows\Downloaded Program Files\InstallerControl.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 11:29:31
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\System32\rlservice.exe
C:\Windows\System32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-07-23 11:39:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-23 18:38:05
Pre-Run: 115,814,330,368 bytes free
Post-Run: 115,511,042,048 bytes free
317 --- E O F --- 2008-07-11 20:04:35
Here is a list of a couple of viruses that seem to not want to disappear.
UPDATE: I HAVE NO ISSUES NOW WITH PERFORMING SCANS AND HAVE RECENTLY INSTALLED BITDEFENDER TOTAL SECURITY 2008.
BITDEFENDER IS RUNNING WELL AND HAS BLOCKED THE ABOVE VIRUSES SINCE THE NEW INSTALL.
SORRY FOR NOT CLEARING THAT UP EARLIER, BUT I STILL HAVE THE POPUP ISSUES FROM THE FIRST POST.
UPDATE:
Well, it appears as though my problem has disappeared. I'm not sure whether it can happen, however I believe ComboFix.exe fixed my computer, possibly from restoring an old restore point on my computer? Not sure whether this can actually happen, but I believe it did.
I haven't had any further issues since my last post. So very happy.
Can someone confirm my suggestion as a fix for this issue?
Run a full scan with SUPERAntiSpyware Free.
Hello imhardlyeva@hotmail.com,
Can you please download ComboFix? You will find it here. Print the following instructions and read them carefully. Please post the output of the scan in your next post, so I or someone else can see if there are still some infections.
Kind regards,
Niels
I had the same problem and because of the advice of Mr Niels my PC is now 100% again. You are my new hero!!!
I ran ComboFix and it is still there; it keeps blocking my web pages and the Google page says I need to install it.
ComboFix 09-01-17.01 - Scott 2009-01-17 12:29:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.128 [GMT -5:00]
Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\bold.log
c:\documents and settings\Scott\Application Data\FunWebProducts
c:\documents and settings\Scott\Application Data\FunWebProducts\Data\Scott\avatar.dat
c:\documents and settings\Scott\Application Data\FunWebProducts\Data\Scott\register.dat
c:\windows\system32\apewaped.ini
c:\windows\system32\depemtka.ini
c:\windows\system32\ejetasem.ini
c:\windows\system32\gihubiro.dll
c:\windows\system32\hgmmmahl.ini
c:\windows\system32\imiveked.ini
c:\windows\system32\iteramij.ini
c:\windows\system32\itinivoh.ini
c:\windows\system32\jemehaga.dll
c:\windows\system32\jepunulu.dll
c:\windows\system32\jqtsdyeh.ini
c:\windows\system32\mwukyugj.ini
c:\windows\system32\nyxqoygw.ini
c:\windows\system32\odalusig.ini
c:\windows\system32\okelemar.ini
c:\windows\system32\owepamiw.ini
c:\windows\system32\squtuwds.ini
c:\windows\system32\srnlengv.ini
c:\windows\system32\tonetupi.dll
c:\windows\system32\urabunir.ini
c:\windows\system32\urihuhip.ini
c:\windows\system32\xqrnijyo.ini
c:\windows\system32\YHPAaccf.ini
c:\windows\system32\YHPAaccf.ini2
.
((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))
.
2009-01-17 12:19 . 2009-01-17 12:19 <DIR> d--hs---- c:\documents and settings\LocalService\UserData
2009-01-16 21:38 . 2009-01-16 21:38 <DIR> d-------- c:\program files\CCleaner
2009-01-16 19:28 . 2009-01-16 19:28 <DIR> d-------- c:\documents and settings\Scott\Application Data\Malwarebytes
2009-01-16 19:27 . 2009-01-16 20:25 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-16 19:27 . 2009-01-16 19:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-16 19:27 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-16 19:27 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-04 12:51 . 2009-01-04 12:50 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-02 10:57 . 2009-01-02 14:58 <DIR> d-------- c:\documents and settings\Scott\.housecall6.6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 17:38 --------- d-----w c:\program files\Symantec AntiVirus
2009-01-04 17:50 --------- d-----w c:\program files\Java
2009-01-03 22:43 --------- d-----w c:\program files\Apple Software Update
2008-12-16 02:56 --------- d-----w c:\program files\MSECache
2008-12-15 22:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-15 22:55 --------- d-----w c:\program files\Common Files\Nikon
2008-12-15 22:55 --------- d-----w c:\documents and settings\Scott\Application Data\OfficeUpdate12
2008-12-15 22:50 --------- d-----w c:\program files\Microsoft ActiveSync
2008-12-15 22:30 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2007-10-01 10:31 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B014B81-4E12-46F9-806F-55867AF8FD3C}]
2004-08-04 07:00 296448 --a------ c:\windows\system32\winsystems.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-12 68856]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 655360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-06-01 257088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
"vptray"="c:\progra~1\SYMANT~1\\vptray.exe" [2005-11-15 85744]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-10-04 11:42 48752 c:\program files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-01 15:51 257088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 08:41 282624 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2005-11-15 12:28 85744 c:\progra~1\SYMANT~1\VPTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\Directcd.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpsvc.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\LuComServer_2_6.EXE"=
"c:\\Program Files\\Symantec AntiVirus\\DWHWizrd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-10 99376]
S0 rytt;rytt;c:\windows\system32\drivers\iusvdp.sys --> c:\windows\system32\drivers\iusvdp.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2005-11-15 169200]
.
Contents of the 'Scheduled Tasks' folder
2009-01-17 c:\windows\Tasks\xrxafhuy.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]
.
- - - - ORPHANS REMOVED - - - -
BHO-{6AC502AD-C559-4CC1-AEA8-96732641EA6C} - (no file)
Notify-geBrpoPI - geBrpoPI.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 12:38:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\msacm32.drv
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2009-01-17 12:44:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-17 17:44:00
Pre-Run: 30,626,930,688 bytes free
Post-Run: 30,968,905,728 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
172 --- E O F --- 2009-01-17 04:40:27
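The "Reg Loading Points" and service sections of both ComboFix logs in this thread (the Vista one earlier and the XP one just above) contain settings a technician reads as signs of a weakened machine before looking at any malware file: UAC switched off (EnableLUA=0), Windows Firewall off on every profile, Security Center monitoring and update notifications disabled, an AppInit_DLLs value pointing at a .dat file in system32, a boot-start driver whose file is missing (ComboFix marks it with [?]), and a per-user Run entry that loads a DLL. The following script is an added example by the editor, not part of this thread and not ComboFix's own code: it parses a saved log in that format and flags those indicators, changing nothing on the machine. The sample lines are constructed from the two logs (with the PublicProfile firewall value set to 1 here so that a clean setting is also exercised), and the rule set, severities and notes are the editor's own choices.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of ComboFix's "Reg Loading Points" output,
# assembled from the two logs in this thread; the PublicProfile entry is set
# to 1 here (unlike the thread) so that a clean setting is also exercised.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\system32\__c00A6144.dat
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
S0 rytt;rytt;c:\windows\system32\drivers\iusvdp.sys --> c:\windows\system32\drivers\iusvdp.sys [?]
HKCU-Run-BMad897e68 - C:\Windows\system32\uylswntd.dll
"""


@dataclass
class Finding:
    severity: str   # "high" or "medium" (editor's own scale)
    key: str        # registry key or section the line belongs to
    name: str       # value name, service name or Run entry name
    value: str
    note: str


KEY_RE = re.compile(r'^\[(.+)\]\s*$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# ComboFix prints a service whose image is missing as "path --> path [?]".
MISSING_FILE_RE = re.compile(r'^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+-->\s+.+\[\?\]\s*$')
# Orphan removals of the form "HKCU-Run-<name> - <path>.dll".
RUN_DLL_RE = re.compile(r'^HKCU-Run-(\S+)\s+-\s+(.+\.dll)\s*$', re.IGNORECASE)


def parse_value(raw: str):
    """Turn ComboFix's value renderings ("0 (0x0)", "dword:00000001") into ints;
    anything else (paths, names) is returned as the stripped string."""
    raw = raw.strip()
    m = re.fullmatch(r'dword:([0-9a-fA-F]{8})', raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r'(\d+)\s*\(0x[0-9a-fA-F]+\)', raw)
    if m:
        return int(m.group(1))
    return raw


def check_value(key: str, name: str, value) -> list:
    """Rules for a single registry value; each rule is a known hardening control
    that rogue software commonly switches off."""
    n = name.lower()
    if n == "enablelua" and value == 0:
        return [Finding("high", key, name, str(value), "UAC disabled")]
    if n == "enablefirewall" and value == 0:
        profile = key.rsplit("\\", 1)[-1]
        return [Finding("high", key, name, str(value), f"Windows Firewall off for {profile}")]
    if n == "disablemonitoring" and value == 1:
        return [Finding("medium", key, name, str(value), "Security Center monitoring disabled")]
    if n == "updatesdisablenotify" and value == 1:
        return [Finding("medium", key, name, str(value), "Windows Update notifications suppressed")]
    if n == "appinit_dlls" and isinstance(value, str) and value:
        return [Finding("high", key, name, value,
                        "AppInit_DLLs set: the listed DLL is loaded into every process that loads user32.dll")]
    return []


def audit(log_text: str) -> list:
    """Walk the log line by line, remembering the current [key] so that values
    can be judged in context, and collect findings."""
    findings = []
    current_key = ""
    for line in log_text.splitlines():
        line = line.rstrip()
        km = KEY_RE.match(line)
        if km:
            current_key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm:
            findings.extend(check_value(current_key, vm.group(1), parse_value(vm.group(2))))
            continue
        dm = MISSING_FILE_RE.match(line)
        if dm:
            findings.append(Finding("high", "services", dm.group(1), dm.group(2),
                                    "boot/system-start driver entry whose file is missing on disk"))
            continue
        rm = RUN_DLL_RE.match(line)
        if rm:
            findings.append(Finding("high", "HKCU\\...\\Run", rm.group(1), rm.group(2),
                                    "per-user Run value pointing at a DLL rather than a program"))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per severity, e.g. {'high': 6, 'medium': 2} for SAMPLE_LOG."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f.severity}] {f.name} = {f.value}  ({f.key})  {f.note}")
    print(summarize(audit(SAMPLE_LOG)))
```

To use it on a real log, read the file and pass its text to audit(); the rules only look at the value lines and service lines, so the long file listings in the rest of the log are ignored. A finding is a prompt to put the control back (re-enable UAC and the firewall, clear AppInit_DLLs after the DLL is gone) and to confirm the driver and Run entries were actually removed, not proof of a specific infection.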
I had this same problem. I installed Malwarebytes Anti-Malware and it removed it.