Cyber Security was not removed with the instructions given here


  • This topic is locked
2 replies to this topic

#1 skifreak20

skifreak20

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:39 PM

Posted 06 November 2009 - 06:51 PM

The Cyber Security program remained on my computer after following the procedure listed on this website. Does anyone know how to remove it permanently?

DDS (Ver_09-10-26.01) - FAT32x86
Run by David Harrison at 17:29:52.99 on Fri 11/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Pando Media Booster] "c:\program files\pando networks\media booster\PMB.exe"
uRun: [DirectPlayerCore] "c:\program files\nbc direct\DirectPlayerCore.exe"
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [David Harrison] c:\documents and settings\david harrison\David Harrison.exe /i
uRun: [<NO NAME>] c:\docume~1\davidh~1\locals~1\temp\ou8fg5fi1.exe
uRun: [PPAP] c:\documents and settings\all users\application data\ppliveva\application\PPAP.exe
uRun: [CSec] c:\program files\csec\cs.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IRW] c:\windows\system32\IRW.exe
mRun: [Apple_KbdMgr] c:\program files\boot camp\KbdMgr.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
StartupFolder: c:\docume~1\davidh~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {022c4009-5283-4365-97bf-144054b40e2e} - http://itv.mop.com
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {fee1002d-90a5-4a5d-aabe-01803ffbcf7a} - hxxp://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: rqRhebAQ - rqRhebAQ.dll
AppInit_DLLs: zdmizg.dll c:\windows\system32\soyivita.dll vnjifq.dll c:\windows\system32\kivowule.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {c80a0be8-af3c-b1d2-c901-a0c041d91972} - c:\windows\system32\FLASHD.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\vtUmmJYP
LSA: Notification Packages = scecli c:\windows\system32\soyivita.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\davidh~1\applic~1\mozilla\firefox\profiles\eyid5mbx.default\
FF - plugin: c:\documents and settings\david harrison\application data\idm\bin\flash\platform\winnt\plugins\npidmdcp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\nbc direct\npDirectPlayerMozilla.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{70611D29-B6FF-40CD-BFE0-BC39E34D87FC}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-11-06 22:53:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 22:53:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-06 22:53:13 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-06 20:58:00 0 d-----w- c:\program files\CSec
2009-11-06 20:58:00 0 d-----w- c:\program files\common files\CSecUninstall
2009-11-06 20:57:49 0 d-----w- c:\program files\CS
2009-10-28 22:13:48 0 d-sh--w- C:\FOUND.011
2009-10-23 01:46:30 25 ----a-w- c:\windows\cdplayer.ini
2009-10-23 01:45:08 0 d-----w- c:\program files\common files\xing shared
2009-10-23 01:44:52 0 d-----w- c:\program files\common files\Real
2009-10-15 01:28:23 0 d-----w- c:\program files\Veetle
2009-10-13 01:04:37 38 ----a-w- C:\5C.tmp
2009-10-13 00:22:10 0 d-sh--w- C:\FOUND.010
2009-10-11 22:12:25 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-11 21:09:09 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-11 21:03:54 0 d--h--w- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-11 21:03:45 0 d-----w- c:\program files\Lavasoft
2009-10-10 01:40:41 204 ----a-w- c:\windows\struct~.ini
2009-10-10 01:40:13 0 d-----w- c:\program files\uusee
2009-10-10 01:33:41 0 d-----w- c:\program files\TVAnts
2009-10-10 01:28:53 0 d-----w- C:\FavoriteVideo

==================== Find3M ====================

2009-10-23 01:44:56 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-23 01:44:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-24 17:26:00 148187 ----a-w- c:\windows\hpoins36.dat
2009-07-14 04:07:52 45056 --sha-r- c:\windows\system32\flashd.dll
2009-07-14 04:59:48 32768 --sha-w- c:\windows\system32\config\systemprofile\application data\microsoft\internet explorer\userdata\index.dat

============= FINISH: 17:30:19.78 ===============



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:39 PM

Posted 10 November 2009 - 08:02 PM

Hello

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks



#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:39 PM

Posted 15 November 2009 - 07:21 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
