
Antivirus 2009


  • This topic is locked
2 replies to this topic

#1 chu126

chu126

  • Members
  • 1 posts

Posted 28 February 2009 - 09:06 AM

Hello everyone

I have the antivirus 2009 problem on my computer. I have used several free pieces of software to try and remove it but with no luck. I have used Malwarebytes (updated) several times this morning. It keeps coming up with the same infected files each time I run it but doesn't seem to be able to delete them. I have attached the various log files needed. Can anyone help please?

Richard


DDS (Ver_09-02-01.01) - NTFSx86
Run by Richard Edwards at 11:13:40.87 on 28/02/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.349 [GMT 0:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\Saf50.tmp\dds.scr




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 16/04/2005 13:25:55
System Uptime: 28/02/2009 10:46:36 (1 hours ago)

Motherboard: Dell Inc. | | 0W5363
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 146 GiB total, 19.213 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 149 GiB total, 41.302 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP879: 26/01/2009 08:27:25 - System Checkpoint
RP880: 27/01/2009 22:27:18 - System Checkpoint
RP881: 31/01/2009 00:10:37 - System Checkpoint
RP882: 01/02/2009 21:10:50 - System Checkpoint
RP883: 07/02/2009 10:52:07 - System Checkpoint
RP884: 08/02/2009 12:36:54 - System Checkpoint
RP885: 09/02/2009 13:20:19 - System Checkpoint
RP886: 11/02/2009 22:03:04 - System Checkpoint
RP887: 11/02/2009 23:37:10 - Software Distribution Service 3.0
RP888: 14/02/2009 17:23:19 - System Checkpoint
RP889: 23/02/2009 19:38:58 - System Checkpoint
RP890: 24/02/2009 21:47:48 - System Checkpoint
RP891: 26/02/2009 01:35:25 - System Checkpoint
RP892: 26/02/2009 03:00:17 - Software Distribution Service 3.0
RP893: 26/02/2009 21:18:22 - Installed SUPERAntiSpyware Free Edition
RP894: 27/02/2009 20:11:43 - Installed SmitFraudFixTool
RP895: 27/02/2009 20:29:50 - Installed Windows Defender
RP896: 27/02/2009 20:30:58 - Software Distribution Service 3.0
RP897: 27/02/2009 20:32:48 - Windows Defender Checkpoint
RP898: 27/02/2009 21:06:02 - Windows Defender Checkpoint
RP899: 27/02/2009 21:09:35 - Removed SUPERAntiSpyware Free Edition
RP900: 27/02/2009 21:10:47 - Removed Sony Ericsson PC Suite 1.20.224
RP901: 27/02/2009 22:17:41 - Windows Defender Checkpoint
RP902: 27/02/2009 22:32:05 - Windows Defender Checkpoint
RP903: 28/02/2009 10:44:55 - Windows Defender Checkpoint

==== Installed Programs ======================

ABBYY FineReader 5.0 Sprint Plus
AC3Filter (remove only)
Acoustica CD/DVD Label Maker
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
AutoUpdate
AVG 7.5
BitTorrent
Bonjour
Camera Window MC
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Dell Driver Reset Tool
Dell Photo AIO Printer 922
Dell System Restore
Digital Photo Navigator 1.5
Disc2Phone
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DNA
ffdshow [rev 2527] [2008-12-19]
FLV Player 2.0 (build 25)
Free iPod Video Converter 1.34
G15A922EN
GameSpy Comrade
Google Earth
Google Toolbar for Internet Explorer
Highlight Viewer (Windows Live Toolbar)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
ImTOO MOV Converter
Intel® 537EP V9x DF PCI Modem
Internet Explorer Default Page
InterVideo WinDVD 6
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync 3.7
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
MobileMe Control Panel
Modem Event Monitor
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NatWest Business Software
OpenOffice.org Installer 1.0
PowerCinema NE for Everio
PowerDirector Express
PowerDVD
PowerISO
PowerProducer
QuickTime
RealPlayer
Safari
Salter MiBody Health Management
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
Smart Menus (Windows Live Toolbar)
SmitFraudFixTool
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SpyNoMore 2.67
Synacast Plug-in 1.1.0.1
Text-To-Speech
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Vodei Multimedia Processor 2.10
WebFldrs XP
Webshots Desktop
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xfire (remove only)
Xvid 1.1.2 final uninstall
Yahoo! Address AutoComplete
Yahoo! Install Manager
Yahoo! Toolbar
Yahoo! Widgets

==== Event Viewer Messages From Past Week ========

27/02/2009 19:00:00, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
27/02/2009 18:00:00, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
27/02/2009 17:24:56, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.
27/02/2009 17:22:11, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
27/02/2009 17:00:00, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
27/02/2009 16:00:00, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
27/02/2009 15:00:00, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
27/02/2009 14:00:00, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
27/02/2009 08:00:00, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
27/02/2009 07:00:00, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
27/02/2009 06:00:00, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
27/02/2009 05:00:00, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
27/02/2009 04:00:00, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
27/02/2009 03:00:00, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
27/02/2009 02:00:00, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
27/02/2009 01:00:00, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
27/02/2009 00:46:00, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
26/02/2009 23:00:00, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
26/02/2009 22:43:59, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'hq6S244D.exe' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
26/02/2009 20:32:48, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
26/02/2009 08:15:14, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 SASKUTIL sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
26/02/2009 07:48:35, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
24/02/2009 22:30:26, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001150C29BED has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
27/02/2009 20:00:00, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
27/02/2009 20:27:33, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
27/02/2009 21:09:39, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
27/02/2009 22:01:46, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
27/02/2009 22:02:02, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2009 22:02:02, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2009 22:02:02, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2009 22:02:02, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2009 22:02:02, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2009 22:02:02, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avg7Core Avg7RsW Avg7RsXP Fips intelppm IPSec NetBT RasAcd SCDEmu Tcpip
27/02/2009 22:02:22, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

==== End Of File ===========================


Malwarebytes' Anti-Malware 1.34
Database version: 1812
Windows 5.1.2600 Service Pack 3

28/02/2009 11:50:44
mbam-log-2009-02-28 (11-50-44).txt

Scan type: Quick Scan
Objects scanned: 79216
Time elapsed: 9 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 14 March 2009 - 01:42 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 19 March 2009 - 11:37 AM

Due to the lack of feedback, this topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



