Need help removing what I believe to be AntiVirus 2008/2009


This topic is locked
1 reply to this topic

#1 Stelmack
Posted 01 March 2009 - 01:42 PM

If it is any help, you can find my original topic here.

I have tried removing it through many means, but none have worked. When I did delete the Internet Explorer files the desktop reverted to normal, but that is the only thing here that is not in the other topic. If you need any more info I would be glad to share. This virus has been here for weeks and is really taking its toll on my system.

I would also like to note that Firefox has been having corrupt files lately, which is most likely the work of the virus. Every time I start it up it acts as if every piece of software on it is on its first use, and that my default browser is not Firefox. So I get 4 tabs and 2 pop-ups of first-time messages.

The DDS log is below:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Compaq_Owner at 13:35:42.78 on Sun 03/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.62 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Norton AntiVirus *On-access scanning enabled* (Updated)
AV: Avanquest Fix-It *On-access scanning enabled* (Updated)
FW: Norton Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\inf\rundll33.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Compaq_Owner.EMPEROR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner.EMPEROR\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\searchsuggest\YSearchSuggest.dll
BHO: DealioBHO Class: {6a87b991-a31f-4130-ae72-6d0c294bf082} - c:\program files\dealio\kb124\Dealio.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\nnnoMFwx.dll
BHO: {d17a172c-d32d-de08-5c14-6ac6c80318e6}: {6e81308c-6ca6-41c5-80ed-d23dc271a71d} - c:\windows\system32\hryeyz.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Dealio: {e67c74f4-a00a-4f2c-9fec-fd9dc004a67f} - c:\program files\dealio\kb124\Dealio.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: Dealio: {5c4c24d0-28b6-4b6b-b70f-e09848367f10} - c:\program files\dealio\kb124\Dealio.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mExplorerRun: [xccinit] c:\windows\system32\inf\rundll33.exe c:\windows\xccdf16_090131a.dll xccd16
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin\core.hp.main\SendTo.html
IE: Compare Prices with &Dealio - c:\documents and settings\compaq_owner.emperor\application data\dealio\kb124\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E908B145-C847-4e85-B315-07E2E70DECF8} - {9F038672-0425-4792-BC9C-36DE3308E8AA} - c:\program files\dealio\kb124\Dealio.dll
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215701487597
DPF: {733A5CA7-C0E1-41D7-9506-F4AA354B4500} - file:///C:/Program%20Files/Intelore/AnimatedDesktop/advThemes/WorkDir/7760015/Files/ActiveFormProj1.inf
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: nnnoMFwx - nnnoMFwx.dll
AppInit_DLLs: hryeyz.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\nnnoMFwx.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [2008-12-22 13440]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-21 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-21 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-21 107272]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2009-2-10 13360]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-21 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-21 298264]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-11-7 37056]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-2-10 68912]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-6 24652]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2007-12-19 21920]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NAVENG.Sys [2004-8-11 68168]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NavEx15.Sys [2004-8-11 600264]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2007-4-12 507264]
S3 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-11-7 193816]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2007-11-6 87848]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2003-12-9 255096]
S4 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2003-12-9 218232]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2003-12-9 87160]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2003-12-9 234616]
S4 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2004-6-4 174208]
S4 SBAMSvc;Sunbelt VIPRE Antivirus Service;c:\program files\common files\antivirus\SBAMSvc.exe [2008-8-5 849192]

=============== Created Last 30 ================

2009-02-28 14:47 251,392 a------- c:\windows\xccdf32_090131a.dll
2009-02-28 14:47 36,352 a------- c:\windows\xccdf16_090131a.dll
2009-02-28 14:47 155,175 a------- c:\windows\system\xccef090131.exe
2009-02-28 14:47 433 a------- c:\windows\xccwinsys.ini
2009-02-28 14:47 --d----- c:\windows\system32\inf
2009-02-28 14:47 155,175 a------- c:\windows\system32\icv.exe
2009-02-28 01:09 --d----- c:\docume~1\compaq~1.emp\applic~1\The Creative Assembly
2009-02-28 01:05 3,850,760 a------- c:\windows\system32\D3DX9_38.dll
2009-02-28 01:04 --d----- c:\windows\Logs
2009-02-26 17:45 --d----- c:\documents and settings\compaq_owner.emperor\DoctorWeb
2009-02-25 00:04 -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-25 00:03 --d----- c:\program files\Lavasoft
2009-02-24 22:36 0 a------- c:\windows\PTWebCam.INI
2009-02-24 22:36 28,672 ac------ c:\windows\system32\dllcache\vidcap.ax
2009-02-24 22:36 28,672 a------- c:\windows\system32\vidcap.ax
2009-02-24 22:36 53,760 ac------ c:\windows\system32\dllcache\vfwwdm32.dll
2009-02-24 22:36 53,760 a------- c:\windows\system32\vfwwdm32.dll
2009-02-24 22:32 48,128 a------- c:\windows\system32\Remove.exe
2009-02-24 22:32 408 a------- c:\windows\system32\Remover.ini
2009-02-24 22:32 --d----- c:\windows\PixArt
2009-02-24 22:32 --d----- c:\program files\PC CIF Camer@
2009-02-24 22:32 --d----- c:\program files\common files\PAC207
2009-02-24 22:31 --d----- c:\program files\PhoTags Express
2009-02-21 20:10 --d-h--- C:\$AVG8.VAULT$
2009-02-21 20:08 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-21 20:08 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-21 20:08 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-21 20:07 --d----- c:\windows\system32\drivers\Avg
2009-02-21 20:07 --d----- c:\docume~1\compaq~1.emp\applic~1\AVGTOOLBAR
2009-02-21 20:07 --d----- c:\program files\AVG
2009-02-21 20:07 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-10 16:10 --d----- c:\program files\World of Warcraft
2009-02-10 16:09 68,912 a------- c:\windows\system32\drivers\sbapifs.sys
2009-02-10 16:09 13,360 a------- c:\windows\system32\drivers\sbaphd.sys
2009-02-10 16:03 --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2009-02-09 19:51 --d----- c:\docume~1\alluse~1\applic~1\Avanquest
2009-02-09 19:49 --d-h--- C:\_Backup
2009-02-09 19:49 --d----- c:\docume~1\compaq~1.emp\applic~1\Avanquest
2009-02-09 19:49 --d----- c:\program files\common files\AntiVirus
2009-02-09 19:48 --d----- c:\program files\Avanquest
2009-02-09 12:58 1 a------- c:\windows\system32\uniq.tll
2009-02-07 22:22 529 a------- c:\windows\system32\winlogon2.exe
2009-02-07 13:40 --d----- c:\program files\Z-Virtual CD-DRIVE
2009-02-07 13:34 --d----- c:\program files\DAEMON Tools Pro
2009-02-07 13:34 --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-02-07 13:29 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-02-07 13:29 --d----- c:\docume~1\compaq~1.emp\applic~1\DAEMON Tools Pro
2009-02-07 13:23 --d----- c:\docume~1\compaq~1.emp\applic~1\J. A. Associates
2009-02-07 13:23 --d----- c:\program files\J. A. Associates
2009-02-03 22:02 499,200 a------- c:\windows\system32\WZDPlay.dll
2009-02-03 22:02 --d----- c:\program files\common files\Idu
2009-02-03 22:01 --d----- c:\program files\WarZone
2009-02-01 10:35 --d----- c:\docume~1\compaq~1.emp\applic~1\ooVoo Details
2009-02-01 10:35 --d----- c:\program files\ooVoo

==================== Find3M ====================

2008-12-11 15:37 42,320 a------- c:\windows\system32\xfcodec.dll
2008-10-20 15:22 30 a------- c:\documents and settings\compaq_owner.emperor\jagex_runescape_preferences.dat
2007-02-11 11:26 32,177 ---sh--- c:\program files\common files\Yazzle1122OinUninstaller.exe
2005-09-24 20:56 32 a----r-- c:\documents and settings\all users\hash.dat

============= FINISH: 13:36:21.93 ===============

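Added example, not part of the original post and not code from the DDS tool: a small Python triage script that runs a few heuristics over the "Pseudo HJT Report" entries of a DDS log like the one above and then correlates which modules are referenced from more than one load point. The sample report is a constructed excerpt of the log posted above; the rules (autostart living under the INF directory, a "rundll<N>.exe" name that is not rundll32.exe, a BHO/SEH with no display name, a non-empty AppInit_DLLs, a DisableTaskMgr policy) are my own heuristics for what merits a closer look, not a verdict on any specific file.

```python
import re
from collections import defaultdict

# Constructed excerpt of the "Pseudo HJT Report" section posted above (embedded so this runs offline).
SAMPLE_REPORT = r"""
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\nnnoMFwx.dll
BHO: {d17a172c-d32d-de08-5c14-6ac6c80318e6}: {6e81308c-6ca6-41c5-80ed-d23dc271a71d} - c:\windows\system32\hryeyz.dll
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [VTTimer] VTTimer.exe
mExplorerRun: [xccinit] c:\windows\system32\inf\rundll33.exe c:\windows\xccdf16_090131a.dll xccd16
uPolicies-system: DisableTaskMgr = 1 (0x1)
Notify: AtiExtEvent - Ati2evxx.dll
Notify: nnnoMFwx - nnnoMFwx.dll
AppInit_DLLs: hryeyz.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\nnnoMFwx.dll
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z_-]+): (?P<body>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUNDLL_LOOKALIKE_RE = re.compile(r"rundll\d+\.exe$", re.IGNORECASE)
# Heuristic (my assumption): legitimate autostarts do not live in the INF directory,
# and the only real "rundll<N>.exe" shipped with Windows is rundll32.exe.
SUSPICIOUS_DIRS = ("\\system32\\inf\\",)


def parse(report):
    """Yield (kind, body) for every 'Kind: body' line in a DDS/HJT-style report."""
    for raw in report.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("kind"), m.group("body")


def basename(path):
    """Lower-cased file name of a Windows path, quotes stripped."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip('"').lower()


def run_target(body):
    """Extract the executable from a '[name] command line' Run entry."""
    cmd = body.split("] ", 1)[-1].strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def module_of(kind, body):
    """Return the DLL/EXE a BHO/SEH/Notify/TB/EB/AppInit entry loads, or None."""
    if kind in ("BHO", "SEH", "Notify", "TB", "EB"):
        target = body.rsplit(" - ", 1)[-1].strip()
        return None if target.lower() == "no file" else basename(target)
    if kind == "AppInit_DLLs":
        return basename(body.strip()) if body.strip() else None
    return None


def triage(report):
    """Return (reason, line) pairs for entries that merit a closer look."""
    findings = []
    for kind, body in parse(report):
        line = f"{kind}: {body}"
        if kind.endswith("Run"):
            low = run_target(body).lower()
            if any(d in low for d in SUSPICIOUS_DIRS) or (
                RUNDLL_LOOKALIKE_RE.search(low) and basename(low) != "rundll32.exe"
            ):
                findings.append(("autostart from unusual location or rundll32 look-alike", line))
        elif kind == "AppInit_DLLs" and body.strip():
            findings.append(("AppInit_DLLs set (DLL loaded into every user32 process)", line))
        elif kind in ("BHO", "SEH"):
            left = body.rsplit(" - ", 1)[0]
            name = GUID_RE.sub("", left).strip(" :")  # what is left once the CLSIDs are removed
            if not name:
                findings.append((f"{kind} with no display name", line))
        elif kind.endswith("Policies-system"):
            if re.search(r"Disable(TaskMgr|RegistryTools)\s*=\s*1", body):
                findings.append(("user-restriction policy set", line))
    return findings


def correlate(report):
    """Map each module referenced from more than one load point to those load points."""
    seen = defaultdict(set)
    for kind, body in parse(report):
        mod = module_of(kind, body)
        if mod:
            seen[mod].add(kind)
    return {mod: kinds for mod, kinds in seen.items() if len(kinds) > 1}


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_REPORT):
        print(f"[{reason}] {line}")
    for mod, kinds in correlate(SAMPLE_REPORT).items():
        print(f"{mod} referenced by: {', '.join(sorted(kinds))}")
```

On the excerpt this flags the xccinit Explorer Run entry, the AppInit_DLLs value, the two nameless BHOs, the SEH entry and the DisableTaskMgr policy, and the correlation step shows nnnoMFwx.dll hooked in as a BHO, a Winlogon Notify package and a shell execute hook, with hryeyz.dll both as a BHO and via AppInit_DLLs. That cross-reference between load points, rather than any single line, is what usually separates a persistence set from a merely odd-looking entry.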
#2 teacup61

  • Malware Response Team
Posted 01 March 2009 - 05:37 PM

Duplicate topic closed.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!
