
Having trouble removing Antivirus 2009

  • This topic is locked
2 replies to this topic

#1 derylc


  • Members
  • 2 posts
  • Local time:12:29 AM

Posted 20 January 2009 - 01:55 PM

My friend recently got Antivirus 2009 on his computer. I had to remove Antivirus 2008 on a different computer before; I used Malwarebytes' Anti-Malware to remove Antivirus 2008 and had no problems. However, when I tried using the same program to remove Antivirus 2009, it seemed that I had removed all infections, but when I opened Internet Explorer (he prefers IE to Firefox no matter what I tell him) his home page is Google, and on the website it has a message saying that the computer might contain a virus and suggests Antivirus 2009 to remove it. Once you try to go to any other page it will say it is blocked, etc. I noticed he did have any virus protection, so I recently installed Firefox on his computer so I could put McAfee on his computer, and I realized that with Firefox I was not having the same problems that I was encountering with IE. Do I need to just re-install IE? Or is there something I'm missing?

DDS (Ver_09-01-18.01) - NTFSx86
Run by Todd at 11:28:54.26 on Tue 01/20/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.479.197 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Todd\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.lenovo.com/us/en/
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.msn.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: &Research: {0b014b81-4e12-46f9-806f-55867af8fd3c} - c:\windows\system32\winsystems.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [Shell] "c:\windows\system32\rundll32.exe" "c:\windows\system32\shell32.dll",control_rundll "c:\windows\temp\dat11.tmp"
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
TCP: {C2C71720-206F-486E-90C6-B7E27A584C6E} =,
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R4 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2005-12-21 12544]
R4 smi2;smi2;c:\program files\smi2\smi2.sys [2005-12-21 3968]
S0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ancsq.sys --> c:\windows\system32\drivers\ANCSQ.sys [?]
S3 HPUATA;HP CD Writer Plus Controller Driver;c:\windows\system32\drivers\HPUATA.sys [2001-9-24 75776]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2006-2-28 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBLF.SYS [2006-2-28 9216]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-8 1174664]

=============== Created Last 30 ================

2009-01-14 18:47 <DIR> --d----- c:\docume~1\todd\applic~1\Malwarebytes
2009-01-14 18:47 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-14 18:46 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 18:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-14 18:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-25 11:18 107,368 -------- c:\windows\system32\GEARAspi.dll
2008-12-25 11:18 15,464 -------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-25 11:17 <DIR> --d----- c:\program files\iPod
2008-12-25 11:17 <DIR> --d----- c:\program files\iTunes
2008-12-25 11:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-25 11:16 <DIR> --d----- c:\program files\Bonjour

==================== Find3M ====================

2009-01-19 07:38 5,427 a------- c:\windows\system32\EGATHDRV.SYS
2009-01-12 10:15 9,188 ---sh--- c:\windows\system32\KGyGaAvL.sys
2008-12-12 11:33 3,060,224 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 05:57 333,184 -------- c:\windows\system32\drivers\srv.sys
2008-12-11 05:57 333,184 -------- c:\windows\system32\dllcache\srv.sys
2008-11-30 12:51 262,144 -------- C:\ntuser.dat
2008-10-24 05:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:01 283,648 -------- c:\windows\system32\gdi32.dll
2008-10-23 07:01 283,648 -------- c:\windows\system32\dllcache\gdi32.dll

============= FINISH: 11:29:13.28 ===============


#2 derylc

  • Topic Starter

  • Members
  • 2 posts
  • Local time:12:29 AM

Posted 20 January 2009 - 03:02 PM

It was just some spyware attached to Internet Explorer itself; ran virus scan and removed the necessary spyware. Thanks anyway.

#3 KoanYorel


    Bleepin' Conundrum

  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:01:29 AM

Posted 21 January 2009 - 11:05 AM

Thanks for informing us.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
