Jump to content

Could not remove AV Security virus


Recommended Posts

Hi,

My pc was infected with the AV Security Virus so I tried removing it using the the Malwarebytes Anti-Malware software. It did remove a few infected files (when scanning using safe mode) but when I boot up normal, the AV thingy still shows up! Is there anything else that I might have missed? Please help!

Here is the DDS data.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK

Run by chtan at 23:24:05.42 on Thu 06/17/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3066.2423 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\chtan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://m.www.yahoo.com/

uSearch Page = hxxp://www.google.com

uWindow Title = Windows Internet Explorer provided by LSI Corporation

uInternet Settings,ProxyServer = http=127.0.0.1:1045

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: moigh Object: {932708a1-78fe-42d8-9abe-1d6a30da34fd} - c:\windows\system32\slqci.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: voguecash browser enhancer: {ee839b95-aa70-41ef-3f5c-778286ed957c} - c:\windows\system32\wnjfkkbkyazixno.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Aim6]

uRun: [Adobe Acrobat Synchronizer] c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe

uRun: [bqoxupewukuwupo] rundll32.exe "c:\windows\tcoc950.dll",Startup

uRun: [{DC700C5D-7BFE-C637-730C-3B85EB3E76B5}] "c:\documents and settings\chtan\application data\loydy\houv.exe"

uRun: [pwwrylkqghct] c:\documents and settings\chtan\local settings\application data\ihcghl\mbdckp.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [OdTray.exe] "c:\program files\juniper networks\odyssey access client\OdTray.exe"

mRun: [<NO NAME>]

mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s

mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [AgentUiRunKey] "c:\program files\iron mountain\connected backuppc\Agent.exe" -ni -sss -e http://localhost:16386/

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [pwwrylkqghct] c:\documents and settings\chtan\local settings\application data\ihcghl\mbdckp.exe

mRun: [Czogevezuyoca] rundll32.exe "c:\windows\afonunan.dll",Startup

mRun: [skb] rundll32 "wlqci.dll",,Run

mRun: [MChk] c:\windows\system32\jlqci.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pandion.lnk - c:\documents and settings\chtan\local settings\application data\pandion\application\pandion.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\ssv.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: agere.com

Trusted Zone: lsi.com

Trusted Zone: lsi.com\itepm

Trusted Zone: lsil.com

Trusted Zone: lsil.com\*.co

Trusted Zone: successfactors.com

Trusted Zone: virtualedge.com

Trusted Zone: agere.com

Trusted Zone: lsi.com

Trusted Zone: lsi.com\itepm

Trusted Zone: lsil.com

Trusted Zone: lsil.com\*.co

Trusted Zone: successfactors.com

Trusted Zone: virtualedge.com

DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://mt202.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab

DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://testweb3.testlab.ks.lsil.com/tdbin/Spider80.ocx

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242392156902

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://lsilogic.webex.com/client/T26L/webex/ieatgpc.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: OdysseyClient - odyEvent.dll

Notify: psfus - c:\windows\system32\psqlpwd.dll

Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll

Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

LSA: Notification Packages = scecli psqlpwd

============= SERVICES / DRIVERS ===============

R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [2006-1-23 254208]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-9-23 108392]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-9-23 108392]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2009-9-23 2477304]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-5-14 243856]

R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [2006-11-14 398720]

S2 AgentService;AgentService;c:\program files\iron mountain\connected backuppc\AgentService.exe [2008-8-1 6600000]

S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-3-19 1680632]

S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-3-19 98304]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]

S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2006-12-11 87664]

S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-5-14 53248]

S2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-8 11152]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-23 24652]

S2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-3-19 106496]

S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-5-14 482176]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\coh_mon.sys [2009-9-23 23888]

S3 EacService;Juniper TNC Endpoint Assessment;c:\program files\common files\juniper networks\tnc client\jTnccService.exe [2007-3-16 81992]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-13 102448]

S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2009-3-19 118784]

S3 LV_Tracker;LV_Tracker;c:\windows\system32\drivers\lv_tracker.sys [2008-8-1 45384]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-3 38224]

S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100617.003\NAVENG.SYS [2010-6-17 85552]

S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100617.003\NAVEX15.SYS [2010-6-17 1347504]

S3 SMmonitor;IBM DS Storage Manager 10 Event Monitor;c:\program files\ibm_ds\client\monitor\SMmonitor.exe [2010-5-20 69632]

=============== Created Last 30 ================

2010-06-18 02:24:54 0 d-----w- c:\docume~1\chtan\applic~1\Street-Ads

2010-06-18 02:24:27 0 d-----w- c:\docume~1\chtan\applic~1\Sky-Banners

2010-06-18 02:24:26 51021 ----a-w- c:\windows\system32\bdryynujcema.exe

2010-06-18 01:01:23 120 ----a-w- c:\windows\Jnupa.dat

2010-06-18 01:01:23 0 ----a-w- c:\windows\Rxeciyi.bin

2010-06-18 01:00:46 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2010-06-18 01:00:46 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

2010-06-18 01:00:34 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys

2010-06-18 01:00:34 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys

2010-06-18 01:00:09 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys

2010-06-18 01:00:09 8192 ----a-w- c:\windows\system32\drivers\changer.sys

2010-06-18 00:59:12 0 d-----w- c:\docume~1\chtan\applic~1\4451F2D11BCB616BDC901DC96FFED279

2010-06-17 14:03:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-14 12:28:54 310784 ----a-w- c:\windows\system32\slqci.dll

2010-06-08 14:51:54 40629 ----a-w- c:\windows\system32\jlqci.exe

2010-05-31 16:19:46 0 d-sh--w- c:\documents and settings\chtan\IECompatCache

2010-05-29 14:55:49 0 d-----w- c:\program files\common files\Blizzard Entertainment

2010-05-24 04:30:11 0 d-----w- c:\docume~1\chtan\applic~1\Evifk

2010-05-20 20:26:16 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-05-20 20:26:16 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-05-20 20:26:16 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-05-20 20:26:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-05-20 20:26:15 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-05-20 19:49:41 0 d-----w- c:\windows\ie8updates

2010-05-20 19:09:26 0 d-sh--w- c:\documents and settings\chtan\PrivacIE

2010-05-20 19:04:25 0 d-sh--w- c:\documents and settings\chtan\IETldCache

2010-05-20 18:58:38 0 d--h--w- c:\windows\msdownld.tmp

2010-05-20 18:58:02 0 dc-h--w- c:\windows\ie8

2010-05-20 18:30:52 82696 ----a-w- c:\windows\system32\lmdimon8.dll

2010-05-20 16:47:22 40960 ----a-w- c:\windows\system32\SMEventLog.dll

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 20:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 23:25:05.84 ===============

Link to post
Share on other sites

Hello chek! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed of any changes.

Please post and Attach.txt .

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.