chek
Members
Posts: 2
Everything posted by chek

  1. Hi, My PC was infected with the AV Security Virus so I tried removing it using the Malwarebytes Anti-Malware software. It did remove a few infected files (when scanning using safe mode) but when I boot up normal, the AV thingy still shows up! Is there anything else that I might have missed? Please help! Here is the DDS data.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by chtan at 23:24:05.42 on Thu 06/17/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3066.2423 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\chtan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://m.www.yahoo.com/
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by LSI Corporation
uInternet Settings,ProxyServer = http=127.0.0.1:1045
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: moigh Object: {932708a1-78fe-42d8-9abe-1d6a30da34fd} - c:\windows\system32\slqci.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: voguecash browser enhancer: {ee839b95-aa70-41ef-3f5c-778286ed957c} - c:\windows\system32\wnjfkkbkyazixno.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6]
uRun: [Adobe Acrobat Synchronizer] c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
uRun: [bqoxupewukuwupo] rundll32.exe "c:\windows\tcoc950.dll",Startup
uRun: [{DC700C5D-7BFE-C637-730C-3B85EB3E76B5}] "c:\documents and settings\chtan\application data\loydy\houv.exe"
uRun: [pwwrylkqghct] c:\documents and settings\chtan\local settings\application data\ihcghl\mbdckp.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [OdTray.exe] "c:\program files\juniper networks\odyssey access client\OdTray.exe"
mRun: [<NO NAME>]
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [AgentUiRunKey] "c:\program files\iron mountain\connected backuppc\Agent.exe" -ni -sss -e http://localhost:16386/
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [pwwrylkqghct] c:\documents and settings\chtan\local settings\application data\ihcghl\mbdckp.exe
mRun: [Czogevezuyoca] rundll32.exe "c:\windows\afonunan.dll",Startup
mRun: [skb] rundll32 "wlqci.dll",,Run
mRun: [MChk] c:\windows\system32\jlqci.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pandion.lnk - c:\documents and settings\chtan\local settings\application data\pandion\application\pandion.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: agere.com
Trusted Zone: lsi.com
Trusted Zone: lsi.com\itepm
Trusted Zone: lsil.com
Trusted Zone: lsil.com\*.co
Trusted Zone: successfactors.com
Trusted Zone: virtualedge.com
Trusted Zone: agere.com
Trusted Zone: lsi.com
Trusted Zone: lsi.com\itepm
Trusted Zone: lsil.com
Trusted Zone: lsil.com\*.co
Trusted Zone: successfactors.com
Trusted Zone: virtualedge.com
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://mt202.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://testweb3.testlab.ks.lsil.com/tdbin/Spider80.ocx
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242392156902
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://lsilogic.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: OdysseyClient - odyEvent.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli psqlpwd

============= SERVICES / DRIVERS ===============

R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [2006-1-23 254208]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-9-23 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-9-23 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2009-9-23 2477304]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-5-14 243856]
R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [2006-11-14 398720]
S2 AgentService;AgentService;c:\program files\iron mountain\connected backuppc\AgentService.exe [2008-8-1 6600000]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-3-19 1680632]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-3-19 98304]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2006-12-11 87664]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-5-14 53248]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-8 11152]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-23 24652]
S2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-3-19 106496]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-5-14 482176]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\coh_mon.sys [2009-9-23 23888]
S3 EacService;Juniper TNC Endpoint Assessment;c:\program files\common files\juniper networks\tnc client\jTnccService.exe [2007-3-16 81992]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-13 102448]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2009-3-19 118784]
S3 LV_Tracker;LV_Tracker;c:\windows\system32\drivers\lv_tracker.sys [2008-8-1 45384]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-3 38224]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100617.003\NAVENG.SYS [2010-6-17 85552]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100617.003\NAVEX15.SYS [2010-6-17 1347504]
S3 SMmonitor;IBM DS Storage Manager 10 Event Monitor;c:\program files\ibm_ds\client\monitor\SMmonitor.exe [2010-5-20 69632]

=============== Created Last 30 ================

2010-06-18 02:24:54 0 d-----w- c:\docume~1\chtan\applic~1\Street-Ads
2010-06-18 02:24:27 0 d-----w- c:\docume~1\chtan\applic~1\Sky-Banners
2010-06-18 02:24:26 51021 ----a-w- c:\windows\system32\bdryynujcema.exe
2010-06-18 01:01:23 120 ----a-w- c:\windows\Jnupa.dat
2010-06-18 01:01:23 0 ----a-w- c:\windows\Rxeciyi.bin
2010-06-18 01:00:46 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-06-18 01:00:46 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-06-18 01:00:34 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-06-18 01:00:34 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-06-18 01:00:09 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-06-18 01:00:09 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-06-18 00:59:12 0 d-----w- c:\docume~1\chtan\applic~1\4451F2D11BCB616BDC901DC96FFED279
2010-06-17 14:03:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-14 12:28:54 310784 ----a-w- c:\windows\system32\slqci.dll
2010-06-08 14:51:54 40629 ----a-w- c:\windows\system32\jlqci.exe
2010-05-31 16:19:46 0 d-sh--w- c:\documents and settings\chtan\IECompatCache
2010-05-29 14:55:49 0 d-----w- c:\program files\common files\Blizzard Entertainment
2010-05-24 04:30:11 0 d-----w- c:\docume~1\chtan\applic~1\Evifk
2010-05-20 20:26:16 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-20 20:26:16 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-20 20:26:16 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-20 20:26:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-20 20:26:15 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-05-20 19:49:41 0 d-----w- c:\windows\ie8updates
2010-05-20 19:09:26 0 d-sh--w- c:\documents and settings\chtan\PrivacIE
2010-05-20 19:04:25 0 d-sh--w- c:\documents and settings\chtan\IETldCache
2010-05-20 18:58:38 0 d--h--w- c:\windows\msdownld.tmp
2010-05-20 18:58:02 0 dc-h--w- c:\windows\ie8
2010-05-20 18:30:52 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2010-05-20 16:47:22 40960 ----a-w- c:\windows\system32\SMEventLog.dll

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 20:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 23:25:05.84 ===============
  2. Hi, My PC was infected with the AV Security Virus so I tried removing it using the Malwarebytes Anti-Malware software. It did remove a few infected files (when scanning using safe mode) but when I boot up normal, the AV thingy still shows up! Is there anything else that I might have missed? Please help! Thanks!
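The DDS log in the first post is the kind of data a forum helper reads by hand: the "Pseudo HJT Report" lists every browser helper object and Run-key autostart, and "Created Last 30" lists files written recently. The triage questions are mechanical, so they can be scripted. The Python below is an added example written for this page; it is not the poster's code, not a Malwarebytes or DDS tool, and it declares nothing malicious. It applies four path-based checks that an analyst would apply to such a log (a browser proxy pointed at the loopback address, an autostart whose binary lives inside a user profile, a DLL loaded straight from the Windows root or by bare name through rundll32, a BHO loaded from system32 instead of Program Files) plus one cross-reference (an autostart whose target file also appears under "Created Last 30"). SAMPLE_LOG is a constructed excerpt of lines copied from the log above; the rule names and thresholds are my own choices and only mark entries for manual review.

```python
"""Flag review-worthy autostart entries in a DDS (Pseudo HJT Report) log.

Added example for this page. The heuristics below are assumptions chosen
by the editor, not rules from DDS or Malwarebytes; a hit means "look at
this entry", not "this entry is malware".
"""
import re
from pathlib import PureWindowsPath

# Constructed excerpt: a subset of lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:1045
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: moigh Object: {932708a1-78fe-42d8-9abe-1d6a30da34fd} - c:\windows\system32\slqci.dll
BHO: voguecash browser enhancer: {ee839b95-aa70-41ef-3f5c-778286ed957c} - c:\windows\system32\wnjfkkbkyazixno.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [bqoxupewukuwupo] rundll32.exe "c:\windows\tcoc950.dll",Startup
uRun: [{DC700C5D-7BFE-C637-730C-3B85EB3E76B5}] "c:\documents and settings\chtan\application data\loydy\houv.exe"
uRun: [pwwrylkqghct] c:\documents and settings\chtan\local settings\application data\ihcghl\mbdckp.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Czogevezuyoca] rundll32.exe "c:\windows\afonunan.dll",Startup
mRun: [skb] rundll32 "wlqci.dll",,Run
mRun: [MChk] c:\windows\system32\jlqci.exe
=============== Created Last 30 ================
2010-06-18 02:24:26 51021 ----a-w- c:\windows\system32\bdryynujcema.exe
2010-06-14 12:28:54 310784 ----a-w- c:\windows\system32\slqci.dll
2010-06-08 14:51:54 40629 ----a-w- c:\windows\system32\jlqci.exe
==================== Find3M ====================
"""

# First drive-qualified path to an executable artifact on the line.
PATH_RE = re.compile(r'[a-z]:\\[^"]+?\.(?:exe|dll|scr)\b', re.I)
# rundll32 given a DLL with no directory: resolved through the DLL search order.
BARE_DLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^\s"\\,]+\.dll)"?', re.I)
RUN_RE = re.compile(r'^([um]Run): \[(.*?)\]')   # uRun = HKCU, mRun = HKLM
BHO_RE = re.compile(r'^BHO: (.*?): \{')
SECTION_RE = re.compile(r'^=+ (.*?) =+$')


def parse_sections(text):
    """Split a DDS log into {section name: [lines]}.

    Lines before the first '==== name ====' header are treated as the
    Pseudo HJT Report, which is where the excerpt above starts.
    """
    sections = {}
    current = "Pseudo HJT Report"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            continue
        if line.strip():
            sections.setdefault(current, []).append(line.rstrip())
    return sections


def recent_files(sections):
    """Lower-cased basenames of files listed under 'Created Last 30'."""
    names = set()
    for line in sections.get("Created Last 30", []):
        m = PATH_RE.search(line)
        if m:
            names.add(PureWindowsPath(m.group(0)).name.lower())
    return names


def triage(text):
    """Return [(entry name, reason)] for entries that deserve a manual look."""
    sections = parse_sections(text)
    recent = recent_files(sections)
    findings = []
    for line in sections.get("Pseudo HJT Report", []):
        low = line.lower()
        if low.startswith("uinternet settings,proxyserver") and (
                "127.0.0.1" in low or "localhost" in low):
            findings.append(("ProxyServer",
                             "browser proxy points at loopback: a local process sees all HTTP"))
            continue
        m = RUN_RE.match(line) or BHO_RE.match(line)
        if not m:
            continue
        name = m.group(m.lastindex)          # Run key value name, or BHO display name
        reasons = []
        pm = PATH_RE.search(line)
        if pm:
            target = PureWindowsPath(pm.group(0))
            parts = [p.lower() for p in target.parts]   # parts[0] is the drive, e.g. 'c:\\'
            if "documents and settings" in parts and "application data" in parts:
                reasons.append("autostart binary lives inside a user profile")
            if len(parts) == 3 and parts[1] == "windows" and target.suffix.lower() == ".dll":
                reasons.append("DLL sits directly in the Windows root")
            if line.startswith("BHO:") and parts[:3] == ["c:\\", "windows", "system32"]:
                reasons.append("BHO loaded from system32 rather than Program Files")
            if target.name.lower() in recent:
                reasons.append("target file appears under 'Created Last 30'")
        bm = BARE_DLL_RE.search(line)
        if bm:
            reasons.append(f"rundll32 loads unqualified DLL '{bm.group(1)}' via search order")
        findings.extend((name, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry:40} {reason}")
```

On the excerpt, the Symantec, Google and Snagit entries produce no findings, while every entry with a random-looking name is flagged for at least one structural reason, and "moigh Object" is flagged twice (system32 BHO whose DLL was also written in the last 30 days). The cross-reference against "Created Last 30" is the most useful rule because it does not depend on guessing whether a name looks random; the other rules are cheap filters that a real review would follow up with file hashes and signature checks rather than act on alone.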