Infected with Personal Guard 2009



#1 quantumcreators

Posted 11 October 2009 - 03:22 PM

PC will not open in safe mode, ran Malware cc clean, PC has McAfee, keep reloading. Stop service with Process monitor but restarts. Manually edit registry and deleted files. Help


DDS (Ver_09-09-29.01) - NTFSx86
Run by HP_Owner at 14:54:37.17 on Sun 10/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.59 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Personal Guard 2009\personalguard.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\HP_Owner\Desktop\Cleanup Tools\dds.scr
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\HP_Owner\Desktop\Cleanup Tools\Sep 03 2009 (F)\procexp.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EZNXP] c:\progra~1\ezn\easyin~1\eznorun.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [MediaFace Integration] c:\program files\fellowes\mediaface 4.2\SetHook.exe
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [EPSON PictureMate] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [personalguard] c:\program files\personal guard 2009\personalguard.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191600284390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {A4442F1E-3165-41CE-815D-DC2B249F463F} = 77.74.48.113
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: OSDriver - {427D001B-8292-4A8B-9988-102994FEDC9C} - c:\documents and settings\all users\microsoft private data\microsoft\lan.dll
SSODL: SystemLoading - {B270BEFA-DACC-4DAF-A372-5A21DC80E0D3} - c:\documents and settings\all users\microsoft private data\microsoft\ssibrkxtqe.dll
SSODL: kuhegoniv - {3f06385f-8e83-4e2b-96ab-f43aa4435195} - No File
STS: {3f06385f-8e83-4e2b-96ab-f43aa4435195} - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Notification Packages = scecli zupejaku.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-11 12:30 <DIR> --d----- c:\program files\Personal Guard 2009
2009-10-11 11:12 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-10-11 11:12 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-10-11 11:11 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-10-11 11:11 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-09-29 17:28 4,880 a------- c:\windows\system32\tmp.reg
2009-09-27 17:08 42,065 a------- C:\EasyShare.dmp
2009-09-27 16:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\12775934
2009-09-21 17:30 <DIR> --d----- c:\program files\CCleaner
2009-09-21 17:28 <DIR> --d----- c:\docume~1\hp_owner\applic~1\Malwarebytes
2009-09-21 17:28 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-21 17:28 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-21 17:28 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-21 17:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-18 15:11 0 a------- c:\windows\system32\26500.exe
2009-09-18 14:11 0 a------- c:\windows\system32\6334.exe
2009-09-18 13:11 0 a------- c:\windows\system32\18467.exe
2009-09-18 12:11 0 a------- c:\windows\system32\41.exe
2009-09-18 12:11 47,872 a------- c:\windows\certificates.exe
2009-09-18 12:11 38,352 a------- c:\windows\regeditsys.exe
2009-09-18 12:11 18,941 a------- c:\windows\microsoftreg.dll
2009-09-18 12:09 <DIR> --d----- c:\documents and settings\all users\Microsoft Private Data

==================== Find3M ====================

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2005-02-01 22:04 0 a--sh--- c:\windows\sminst\HPCD.SYS
2009-06-21 06:59 245,760 a--sh--- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 14:58:10.03 ===============
:(


#2 Blade81

Posted 21 October 2009 - 02:17 AM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh dds log (both dds.txt & attach.txt), please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Blade81

Posted 26 October 2009 - 02:22 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
