Posted 11-16-2008, 04:21 AM   #1
Xagest
Registered User
 
Join Date: Nov 2008
Posts: 5
OS: XP SP2


AntiVirus Pro 2009

Hello there,

It seems like my dad has run into a pretty nasty piece of software here, and I can't seem to figure it out. I went through some of the basics of cleaning up the drive with no luck.

The adware/virus redirects google searches to random ad sites. It also prevents some software from functioning at all.

First thing I did was attempt to run Windows System Restore. It seems the "Next" button is disabled. You can click it, but the process won't proceed any further. Then I ran a boot-time antivirus scan using Avast. That got rid of a few viruses. Then I did a full, thorough scan in safe mode, which caught a few more. Note that I cannot receive any updates for Avast on this machine. I tried to run Spybot S&D, but the software never loads. After a reinstall of Spybot, it still wouldn't load (nor can it update; the update process gets redirected to 127.0.0.1 and fails, of course).

I ran Ad-Aware, although it cannot update itself. It only caught a few cookies here and there. I also ran Malwarebytes' Anti-Malware, but the .exe file never runs.

I ran the GMER software, but the .exe file never executes. The DDS file works, however. Overall, it looks extremely bad. I don't know what happened prior to the infection (not my computer), but I hope you guys can help me. Thanks in advance, and here is the log.

DDS (Version 1.0) - NTFSx86
Run by Thang at 407.55 on Sun 11/16/2008
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.165 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Thang\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [LTWinModem1] ltmsg.exe 9
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_09\bin\jusched.exe"
mRun: [WG511WLU] c:\program files\netgear\wg511\utility\WG511WLU.exe -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRunOnce: [AskTBar Uninstall] rundll32 c:\progra~1\UNINST~1.DLL,O -2
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys
R2 ACDaemon;ArcSoft Connect Daemon;c:\program files\common files\arcsoft\connection service\bin\ACService.exe
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys
R3 AWINDIS5;AWINDIS5 Protocol Driver;\??\c:\windows\system32\AWINDIS5.SYS
R3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;c:\windows\system32\drivers\WG511ICB.sys
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys
S3 JL2004A;JL2004A Photo Viewer;c:\windows\system32\drivers\pv_wdm.sys

=============== Created Last 30 ================

2008-11-15 17:52 <DIR> --d----- c:\program files\RealVNC
2008-11-15 17:37 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-15 17:36 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-15 17:36 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-11-15 17:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-11-15 17:33 245,760 a------- c:\program files\Uninstall Ask Toolbar.dll
2008-11-15 16:01 <DIR> --d----- c:\program files\Lavasoft
2008-11-15 16:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-11-15 15:53 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-11-13 21:14 16,387 a------- c:\docume~1\thang\applic~1\ujumag.pif
2008-11-13 21:14 19,860 a------- c:\windows\anejuzy._sy
2008-11-13 21:14 19,580 a------- c:\windows\usuzusa.sys
2008-11-13 21:14 19,264 a------- c:\windows\ropov.reg
2008-11-13 21:14 15,934 a------- c:\docume~1\thang\applic~1\exega.exe
2008-11-13 21:14 10,947 a------- c:\docume~1\alluse~1\applic~1\cakyjumyb.vbs
2008-11-13 21:14 10,697 a------- c:\windows\system32\yfaq.pif
2008-11-13 21:14 15,140 a------- c:\docume~1\alluse~1\applic~1\kukofukali.com
2008-11-13 21:14 14,506 a------- c:\program files\common files\zekuwiq.exe
2008-11-13 21:14 14,421 a------- c:\windows\ehyleka.db
2008-11-13 21:14 13,185 a------- c:\docume~1\thang\applic~1\ozefoge.dll
2008-11-13 21:14 10,384 a------- c:\windows\cuwe._sy
2008-11-13 21:13 <DIR> --d----- c:\program files\AntivirusPro2009
2008-11-13 21:00 126,395 a------- c:\windows\system32\wini108019.exe
2008-11-13 20:51 114 a------- c:\windows\system32\delself.bat
2008-11-04 17:49 <DIR> --d----- c:\docume~1\thang\applic~1\Kodak
2008-11-04 17:47 <DIR> --d----- c:\program files\Kodak
2008-10-31 18:59 291 a------- c:\docume~1\thang\applic~1\mdbu.bin

==================== Find3M ====================

2008-11-15 14:37 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-15 14:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-11-09 12:10 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-11-09 12:10 <DIR> --d----- c:\program files\Symantec
2008-11-09 12:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2008-11-08 08:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ArcSoft
2008-11-05 21:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2008-10-31 20:10 <DIR> --d----- c:\program files\Greeting Card Creator 32
2008-10-31 20:07 <DIR> --d----- c:\program files\VideoLAN
2008-10-31 20:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PictureMover
2008-10-14 17:46 <DIR> --d----- c:\program files\OVT
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 16:12 <DIR> --d----- c:\docume~1\thang\applic~1\Costco Photo Organizer
2008-09-15 04:57 1,846,016 a------- c:\windows\system32\win32k.sys
2008-09-04 09:42 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-19 22:33 667,648 a------- c:\windows\system32\wininet.dll
2008-07-22 15:34 <DIR> --d----- c:\docume~1\thang\applic~1\PictureMover
2008-06-21 20:53 <DIR> --d----- c:\docume~1\thang\applic~1\Printer Info Cache
2007-12-14 17:18 <DIR> --d----- c:\docume~1\thang\applic~1\FFSJ
2007-11-03 21:19 <DIR> --d----- c:\docume~1\thang\applic~1\vlc
2007-08-27 21:12 <DIR> --d----- c:\docume~1\thang\applic~1\Nikon
2007-08-27 21:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ultima_T15
2007-08-27 21:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EnterNHelp
2007-05-22 17:29 <DIR> --d----- c:\docume~1\thang\applic~1\Snapfish
2006-12-18 18:06 <DIR> --d----- c:\docume~1\thang\applic~1\AdobeAUM

============= FINISH: 433.81 ===============
Attached file: Attach.zip (4.5 KB)
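Triage of the log above, as an added example that is not part of the original post or of the DDS tool. The script parses the "Created Last 30" lines quoted from the posted log and flags two things a responder would want pulled out of it: files created in a burst within the same minute (twelve files land at 2008-11-13 21:14, one minute after the AntivirusPro2009 folder appears) and files with extensions that rarely appear freshly dropped under %windir% or a user profile, including the ._sy look-alike of .sys. It also audits a hosts file for non-localhost names pinned to a loopback address, which is the usual mechanism behind the "update redirected to 127.0.0.1" symptom the poster describes; that this is the cause on this machine is an assumption, since the post does not include the hosts file, so the hosts text below is a constructed sample with placeholder domain names. The burst threshold and the extension list are the example's own heuristics, not DDS output.

```python
"""Triage helpers for a DDS 'Created Last 30' section and a Windows hosts file.

Added example, not part of the original post or of the DDS tool. DDS_CREATED is
copied from the log posted above; HOSTS_SAMPLE is a constructed sample, since
the post does not include the infected machine's hosts file.
"""
import re
from collections import Counter

# Lines copied from the "Created Last 30" section of the posted DDS log
# (a subset, kept in the original order, plus two benign entries for contrast).
DDS_CREATED = r"""
2008-11-15 17:36 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-11-15 17:33 245,760 a------- c:\program files\Uninstall Ask Toolbar.dll
2008-11-13 21:14 16,387 a------- c:\docume~1\thang\applic~1\ujumag.pif
2008-11-13 21:14 19,860 a------- c:\windows\anejuzy._sy
2008-11-13 21:14 19,580 a------- c:\windows\usuzusa.sys
2008-11-13 21:14 19,264 a------- c:\windows\ropov.reg
2008-11-13 21:14 15,934 a------- c:\docume~1\thang\applic~1\exega.exe
2008-11-13 21:14 10,947 a------- c:\docume~1\alluse~1\applic~1\cakyjumyb.vbs
2008-11-13 21:14 10,697 a------- c:\windows\system32\yfaq.pif
2008-11-13 21:14 15,140 a------- c:\docume~1\alluse~1\applic~1\kukofukali.com
2008-11-13 21:14 14,506 a------- c:\program files\common files\zekuwiq.exe
2008-11-13 21:14 14,421 a------- c:\windows\ehyleka.db
2008-11-13 21:14 13,185 a------- c:\docume~1\thang\applic~1\ozefoge.dll
2008-11-13 21:14 10,384 a------- c:\windows\cuwe._sy
2008-11-13 21:13 <DIR> --d----- c:\program files\AntivirusPro2009
2008-11-13 21:00 126,395 a------- c:\windows\system32\wini108019.exe
2008-11-13 20:51 114 a------- c:\windows\system32\delself.bat
2008-11-04 17:47 <DIR> --d----- c:\program files\Kodak
"""

# Constructed sample hosts file with placeholder names; NOT from the machine
# in the post. On XP the real file is c:\windows\system32\drivers\etc\hosts.
HOSTS_SAMPLE = """\
# constructed sample, not the infected machine's hosts file
127.0.0.1       localhost
127.0.0.1       updates.example-av.net
127.0.0.1       www.example-antispyware.org
::1             localhost
"""

# DDS line layout: "<date> <time> <size or <DIR>> <attrs> <path>"
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$")

# Heuristics chosen for this example: extensions that rarely appear as freshly
# dropped files under %windir% or a profile; '._sy' mimics '.sys'.
ODD_EXT = {".pif", ".com", ".vbs", ".bat", ".scr", "._sy"}
SYSTEM_DIRS = ("c:\\windows", "c:\\docume~1", "c:\\program files\\common files")
BURST_MIN = 5  # files created in the same minute before we call it a drop burst


def parse_created(text):
    """Return (timestamp, size_or_DIR, attrs, path) tuples for each DDS entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries


def flag_entries(text, burst_min=BURST_MIN):
    """Return {path: [reasons]} for entries that look like part of a malware drop."""
    entries = parse_created(text)
    # Directories are excluded from the burst count; only dropped files matter.
    per_minute = Counter(ts for ts, size, _, _ in entries if size != "<DIR>")
    flagged = {}
    for ts, size, _attrs, path in entries:
        reasons = []
        lower = path.lower()
        _stem, _, ext = lower.rpartition("\\")[2].rpartition(".")
        ext = "." + ext if ext else ""
        if size != "<DIR>" and per_minute[ts] >= burst_min:
            reasons.append(f"{per_minute[ts]} files created at {ts}")
        if ext in ODD_EXT and lower.startswith(SYSTEM_DIRS):
            reasons.append(f"unusual {ext} file under a system or profile directory")
        if reasons:
            flagged[path] = reasons
    return flagged


def loopback_pinned(hosts_text):
    """Return hostnames mapped to a loopback address other than localhost itself."""
    pinned = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        if addr == "::1" or addr.startswith("127."):
            pinned.extend(n for n in names
                          if n.lower() not in ("localhost", "localhost.localdomain"))
    return pinned


if __name__ == "__main__":
    for path, reasons in flag_entries(DDS_CREATED).items():
        print(path, "->", "; ".join(reasons))
    print("hosts entries pinned to loopback:", loopback_pinned(HOSTS_SAMPLE))
```

Run against the posted section, the burst rule alone returns the twelve files dropped at 21:14 and the extension rule adds c:\windows\system32\delself.bat; the two checks together are what a helper would turn into the removal list for the next step. The heuristics are deliberately coarse (wini108019.exe at 21:00 is not caught by either rule), so the output is a starting point for a review of the whole log, not a verdict. Because scanner executables will not launch on this machine, the log should be copied off and inspected from a clean system rather than trusting tools run on the infected one.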