antivirus xp 2010, I despise you.


I have come in contact with the Antivirus XP 2010 malware. It keeps popping up false alarms and trying to get me to purchase antivirus software, and it won't allow me to run or re-install Malwarebytes, so I have no log from Malwarebytes.

I hope I have done all this right:

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK

Run by Owner at 1:00:02.64 on Mon 03/15/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.692 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Owner\Local Settings\Application Data\av.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://www.maxiwe.com/

uDefault_Search_URL = hxxp://srch-us6.hpwis.com/

uSearch Bar = about:blank

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mSearch Bar = hxxp://srch-us6.hpwis.com/

uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local

uSearchAssistant = about:blank

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {E6AE90A4-1B01-47F0-AA78-E6B122E145E9} - No File

TB: hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} -

EB: {8F4902B6-6C04-4ade-8052-AA58578A21BD} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [doubleTwist] c:\program files\doubletwist 2.0\DoubleTwist.DeviceHelper.exe

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [PS2] c:\windows\system32\ps2.exe

mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe

mRun: [AlcxMonitor] ALCXMNTR.EXE

mRun: [Windows Media Connect 2] "c:\program files\windows media connect 2\WMCCFG.exe" /StartQuiet

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg Scheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe

IE: &Search - ?p=ZK

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - hxxp://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1066284615937

DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab

DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab

DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab

DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab

DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} - hxxp://www.fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab

DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab

DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37877.2871064815

DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxp://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cutera.webex.com/client/T25L/event/ieatgpc.cab

DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323

DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - hxxp://download.rfwnad.com/cab/crack.CAB

TCP: {D3268353-080F-4943-8B3F-7596E018081B} = 166.102.165.11,166.102.165.13

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxsrvc.dll

AppInit_DLLs: c:\windows\system32\winuid.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-16 242696]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-16 216200]

S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-16 29512]

S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-14 308064]

S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2009-12-12 6656]

S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2004-10-20 2560]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-22 24652]

S3 PCDRDRV;Pcdr CPU Helper Driver;c:\windows\system32\drivers\pcdrdrv.sys --> c:\windows\system32\drivers\PCDRDRV.sys [?]

S3 SWLD23U;Netopia 802.11b WLAN USB Adapter;c:\windows\system32\drivers\swld23u.sys [2005-8-31 82888]

S3 swlubtl;WLAN USB Boot Device;c:\windows\system32\drivers\swlubtl.sys [2005-8-31 53690]

S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2004-7-16 19677]

=============== Created Last 30 ================

2010-03-15 05:56:37 0 ----a-w- c:\documents and settings\owner\defogger_reenable

2010-03-15 04:43:51 0 d-----w- c:\documents and settings\owner\dwhelper

2010-03-15 01:36:25 811 ----a-w- c:\windows\hpinfo.lnk

2010-03-15 01:35:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-15 01:33:50 0 d-----w- c:\program files\hp deskjet 930c series

2010-03-15 01:33:30 53248 ----a-w- c:\windows\system32\hpfinsta.exe

2010-03-15 01:33:29 274432 ------w- c:\windows\system32\hpfinst.dll

2010-03-15 01:33:26 262144 ----a-w- c:\windows\system32\hpzcon04.dll

2010-03-15 01:33:26 200704 ----a-w- c:\windows\system32\hpzcoi04.dll

2010-03-15 01:33:26 114744 ----a-w- c:\windows\system32\hpzlnt04.dll

2010-03-11 02:26:12 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-02-28 18:39:02 0 d-----w- c:\program files\Coupons

2010-02-26 02:52:42 0 d-----w- c:\program files\AdvancedDVDPlayer

==================== Find3M ====================

2010-03-15 01:44:43 15283 ----a-w- c:\windows\system32\tablet.dat

2010-03-15 01:35:14 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-15 01:34:04 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-02-05 01:45:08 50640 ---ha-w- c:\windows\system32\mlfcache.dat

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-11-24 00:26:45 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2008-09-28 18:08:19 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092820080929\index.dat

============= FINISH: 1:01:31.64 ===============

Attach.rar

ark.rar


  • Staff

Hi,

Please read and perform the instructions posted here on how to install Malwarebytes and how to run it when you are dealing with this variant:

http://forums.malwarebytes.org/index.php?s...st&p=193288

Let me know if that worked for you.

Important note: it is extremely important that you first update Malwarebytes before running the scan.


I can get all the way to the point of updating but after I download the update, it says it has to restart to install the updates. The program closes, but it does not install the updates.

I am still in safe mode, should I be in regular mode possibly?


  • Staff

Hi,

It looks like your version of Malwarebytes is outdated as well.

Can you redownload it? Please see the link I gave you, because it also explains how to install Malwarebytes (renaming the main installer). Once that new version is installed, run the update once again.

Yes, try from Windows normal mode.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
