Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"AntiVirus2008" virus removal


  • This topic is locked This topic is locked
2 replies to this topic

#1 LisaAWG

LisaAWG

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:09:16 AM

Posted 01 January 2009 - 05:16 PM

Hello,

I think I'm infected w/ "VirusRemover2008". I have a little icon in the bottom right corner (next to the time), that looks like a shield and a message bubble keeps popping up saying that "You have a security problem!". On a regular basis, a message box pops up and says that I have a security problem & do I want to scan the computer. Occasionally there will be other pop-ups and IE will open up trying to scan the computer and to download some other type of virus scan.

Thanks!


DDS (Version 1.1.0) - NTFSx86
Run by Garfield at 14:01:03.51 on Thu 01/01/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1255 [GMT -8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\LEXPPS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Windows\system32\rundll32.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Garfield\AppData\Local\Temp\a.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Garfield\AppData\Local\Temp\~tmpc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Garfield\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [RunSpySweeperScheduleAtStartup] "c:\windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{EF18F771-BF35-4A1C-8E69-CB64F89A2233}
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Cognac] c:\users\garfield\appdata\local\temp\~tmpb.exe
uRun: [MSFox] c:\users\garfield\appdata\local\temp\a.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [CCUTRAYICON] FactoryMode
mRun: [<NO NAME>]
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "c:\program files\google\gmail notifier\gnotify.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Lexmark X74-X75] "c:\program files\lexmark x74-x75\lxbbbmgr.exe"
mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Malwarebytes Anti-Malware Reboot] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\garfield\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: WRNotifier - WRLogonNTF.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\garfield\appdata\roaming\mozilla\firefox\profiles\xryjqewi.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll
FF - plugin: c:\users\garfield\appdata\roaming\mozilla\firefox\profiles\xryjqewi.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll

============= SERVICES / DRIVERS ===============

R2 DQLWinService;DQLWinService;"c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe" [2006-9-3 208896]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\mcafee\siteadvisor\McSACore.exe" [2008-12-29 206096]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2007-4-18 366080]
S2 0250181230611618mcinstcleanup;McAfee Application Installer Cleanup (0250181230611618);c:\users\garfield\appdata\local\temp\025018~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service []
S2 IntelDHSvcConf;Intel DH Service;"c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe" [2006-5-10 29696]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2008-12-29 20:36 9,609 a------- c:\windows\system32\Config.MPF
2008-12-29 20:36 <DIR> --d----- c:\programdata\SiteAdvisor
2008-12-29 20:35 143,360 a------- c:\windows\system32\dunzip32.dll
2008-12-29 20:33 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2008-12-29 20:33 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2008-12-29 20:33 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2008-12-29 20:33 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2008-12-29 20:33 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2008-12-29 20:33 125,728 a------- c:\windows\system32\drivers\Mpfp.sys
2008-12-29 20:33 <DIR> --d----- c:\program files\McAfee.com
2008-12-29 20:33 <DIR> --d----- c:\program files\common files\McAfee
2008-12-29 20:33 <DIR> --d----- c:\program files\McAfee
2008-12-29 18:21 <DIR> --d----- c:\users\garfield\appdata\roaming\McAfee
2008-12-28 09:00 <DIR> --d----- c:\program files\common files\xing shared
2008-12-18 07:55 <DIR> --d----- c:\windows\system32\IOSUBSYS
2008-12-17 18:53 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-13 03:04 2,048 a------- c:\windows\system32\tzres.dll
2008-12-12 08:58 296,960 a------- c:\windows\system32\gdi32.dll
2008-12-12 08:58 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-12-12 08:58 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-12-12 08:57 2,927,104 a------- c:\windows\explorer.exe
2008-12-12 08:57 827,392 a------- c:\windows\system32\wininet.dll
2008-12-12 08:57 2,868,736 a------- c:\windows\system32\mf.dll
2008-12-12 08:57 996,352 a------- c:\windows\system32\WMNetMgr.dll
2008-12-12 08:57 94,720 a------- c:\windows\system32\logagent.exe
2008-12-02 23:04 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-12-02 23:04 83,456 a------- c:\windows\system32\wudriver.dll
2008-12-02 23:04 162,064 a------- c:\windows\system32\wuwebv.dll
2008-12-02 23:04 31,232 a------- c:\windows\system32\wuapp.exe

==================== Find3M ====================

2008-12-29 18:23 174 a--sh--- c:\program files\desktop.ini
2008-11-30 13:00 143,360 a------- c:\windows\inf\infstrng.dat
2008-11-30 13:00 86,016 a------- c:\windows\inf\infstor.dat
2008-11-30 13:00 51,200 a------- c:\windows\inf\infpub.dat
2008-11-17 12:04 2,306,113 a------- c:\windows\system32\GPhotos.scr
2008-10-31 19:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-10-31 19:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-10-31 19:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-10-31 19:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-10-31 19:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-10-21 19:57 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-10-20 21:25 1,645,568 a------- c:\windows\system32\connect.dll
2008-06-17 15:42 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 14:02:51.02 ===============

Attached Files


Edited by LisaAWG, 01 January 2009 - 05:17 PM.


BC AdBot (Login to Remove)

 


#2 LisaAWG

LisaAWG
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:09:16 AM

Posted 04 January 2009 - 01:25 AM

I ran Malwarebytes Anti-Malware & things seem to be running fine.

No reply necessary.

Thanks

#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 05 January 2009 - 09:59 AM

Thank you for notify us.. I will now close this topic.. Please pm any Moderator or HijackThis Team should you need to re-open this topic..


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users