I do have Antivirus System Pro and its ridiculous pop-ups infecting my computer now. Also, IE will occasionally pop up w/ a homepage of ******, or other URLs. It's nearly impossible to browse the internet or install programs, as I get the message "'xxx.xxx' is infected, would you like to install antivirus software?" Anyway, I hope I get this done right.
Also, IE kept popping up while GMER was running, and that may have had an effect on its results. I had to go to safe mode in order to get DDS to run.
DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by Beany at 13:08:24.64 on Wed 07/01/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.800 [GMT -4:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
svchost
C:\Documents and Settings\Beany\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: BHO: {029d18cb-8632-463c-93b7-c210ae50c722} - c:\windows\system32\iehelper.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LowRiskFileTypes] c:\windows\sysguard.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DLCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCDtime.dll,_RunDLLEntry@16
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [sysldtray] c:\windows\ld11.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-30 64160]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-12-8 2440120]
S2 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-6-29 16512]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-24 101936]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090630.032\NAVENG.SYS [2009-6-30 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090630.032\NAVEX15.SYS [2009-6-30 876144]
=============== Created Last 30 ================
2009-07-01 12:23 <DIR> --d----- c:\docume~1\beany\applic~1\GetRightToGo
2009-07-01 10:51 <DIR> --d----- c:\windows\system32\appmgmt
2009-07-01 10:38 <DIR> --d----- c:\program files\Trend Micro
2009-07-01 06:34 0 a------- c:\windows\567788.bat
2009-07-01 06:34 33,792 a------- c:\windows\strt_1246444477.exe
2009-06-30 22:01 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-30 21:56 <DIR> --d----- c:\program files\Lavasoft
2009-06-30 21:31 2 a------- c:\windows\0101120101465749.dat
2009-06-30 21:31 1 ----h--- c:\windows\bf23567.dat
2009-06-30 21:31 33,792 a------- c:\windows\freddy49.exe
2009-06-30 20:41 12,544 a------- c:\windows\system32\iehelper.dll
2009-06-30 20:31 304,896 a------- c:\windows\sysguard.exe
2009-06-30 20:31 2 a------- c:\windows\010112010146118114.dat
2009-06-30 20:31 28,160 ----h--- c:\windows\ld11.exe
2009-06-29 15:47 22,528 a------- c:\windows\system32\WNASPI32.DLL
2009-06-29 15:47 16,512 a------- c:\windows\system32\drivers\ASPI32.SYS
2009-06-27 19:15 93 a------- c:\windows\system32\SKYNETdorpowds.dat
2009-06-27 13:04 <DIR> --d----- c:\program files\Zango
2009-06-24 21:32 32,592 a------- c:\windows\system32\msonpmon.dll
2009-06-24 21:12 <DIR> --dsh--- c:\documents and settings\beany\IECompatCache
2009-06-24 21:11 <DIR> --dsh--- c:\documents and settings\beany\PrivacIE
2009-06-24 21:10 <DIR> --dsh--- c:\documents and settings\beany\IETldCache
2009-06-24 21:07 <DIR> --d----- c:\windows\ie8updates
2009-06-24 21:06 <DIR> -cd-h--- c:\windows\ie8
2009-06-24 21:05 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-06-24 21:05 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll
2009-06-24 21:05 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-24 21:05 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-24 21:05 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll
2009-06-24 21:00 2 a------- c:\windows\msoffice.ini
2009-06-24 20:50 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-24 20:50 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2009-06-24 20:50 10,563 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-24 20:50 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-24 20:49 <DIR> --d----- c:\program files\Symantec
2009-06-24 20:49 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-06-24 20:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-06-24 20:49 <DIR> --d----- C:\IUware Online
2009-06-22 06:38 93 a------- c:\windows\system32\SKYNET.dat
2009-06-20 17:51 <DIR> --d----- c:\docume~1\beany\applic~1\Malwarebytes
2009-06-20 17:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-20 16:51 130,781 a------- c:\windows\system32\SKYNETeoxoyptq.dat
2009-06-20 01:50 <DIR> --d----- c:\windows\system32\scripting
2009-06-20 01:50 <DIR> --d----- c:\windows\l2schemas
2009-06-20 01:50 <DIR> --d----- c:\windows\system32\en
2009-06-20 01:50 <DIR> --d----- c:\windows\system32\bits
2009-06-20 01:47 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-20 01:45 <DIR> --d----- c:\windows\network diagnostic
2009-06-20 01:18 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-06-20 01:16 295,424 -------- c:\windows\system32\dllcache\termsrv.dll
2009-06-18 09:23 <DIR> --d----- c:\docume~1\beany\applic~1\Corel Photo Album
2009-06-18 09:22 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-06-18 09:22 88 ---shr-- c:\windows\system32\DF12408E5B.sys
2009-06-15 13:06 <DIR> --d-h--- c:\windows\PIF
2009-06-14 22:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Last.fm
2009-06-14 22:58 <DIR> --d----- c:\program files\Last.fm
2009-06-14 22:18 <DIR> --d----- c:\docume~1\beany\applic~1\DemoCreator
2009-06-14 18:16 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-14 18:16 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-14 17:28 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-06-14 17:11 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2009-06-14 17:11 81,768 a------- c:\windows\system32\xinput1_3.dll
2009-06-14 13:08 <DIR> --d----- c:\program files\uTorrent
2009-06-14 13:08 <DIR> --d----- c:\docume~1\beany\applic~1\uTorrent
2009-06-14 13:07 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-06-14 13:07 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-14 11:08 <DIR> --d----- c:\program files\dl_Cats
2009-06-14 11:02 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-06-14 11:02 87,040 a------- c:\windows\system32\wiafbdrv.dll
2009-06-14 11:02 87,040 a------- c:\windows\system32\dllcache\wiafbdrv.dll
2009-06-14 10:57 4,128 a------- C:\INFCACHE.1
2009-06-14 01:09 <DIR> --d----- c:\program files\MSXML 4.0
2009-06-14 01:05 276,992 -------- c:\windows\system32\wmphoto.dll
2009-06-14 01:03 180,360 -------- c:\windows\system32\drivers\ntmtlfax.sys
2009-06-14 01:02 6,144 -------- c:\windows\system32\kbdiultn.dll
2009-06-14 01:01 650,752 -------- c:\windows\system32\dot3ui.dll
2009-06-14 00:47 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-06-14 00:47 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-14 00:47 <DIR> --d----- c:\program files\iPod
2009-06-14 00:47 <DIR> --d----- c:\program files\iTunes
2009-06-14 00:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-14 00:47 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-14 00:47 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-14 00:44 <DIR> --d----- c:\program files\Bonjour
2009-06-14 00:35 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2009-06-14 00:35 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-14 00:35 2,330,624 -------- c:\windows\system32\dllcache\WMVCore.dll
2009-06-14 00:35 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-06-14 00:35 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-06-14 00:35 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-06-14 00:34 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-06-14 00:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-06-14 00:34 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-06-14 00:34 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-06-14 00:34 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-06-14 00:34 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-14 00:34 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-06-14 00:32 8,192 a------- c:\windows\REGLOCS.OLD
2009-06-14 00:32 21,504 a------- c:\windows\system32\hidserv.dll
2009-06-14 00:32 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-06-14 00:32 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-06-14 00:32 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-06-14 00:32 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-06-14 00:32 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-06-13 23:39 <DIR> --d----- c:\windows\system32\PreInstall
2009-06-13 23:38 <DIR> --d----- c:\program files\DellSupport
2009-06-13 23:38 <DIR> --dsh--- c:\documents and settings\beany\UserData
2009-06-13 23:36 <DIR> --d----- c:\windows\system32\LogFiles
2009-06-13 23:36 <DIR> --d----- c:\docume~1\beany\applic~1\McAfee.com Personal Firewall
2009-06-13 23:35 <DIR> --d----- c:\documents and settings\Beany
==================== Find3M ====================
2009-06-20 01:53 89,191 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 01:15 5,936,128 -------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 01:15 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 17:22 1,207,808 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 17:22 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 17:22 385,536 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 07:21 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-29 00:46 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
============= FINISH: 13:08:33.57 ===============