Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please Help : AV Security Suite

Re: Please Help : AV Security Suite

Post by wesmat » June 30th, 2010, 8:46 pm

Here is the first log:

All processes killed
========== PROCESSES ==========
Error: Unable to interpret <:file> in the current context!
Error: Unable to interpret <c:\windows\system32\ezsidmv.dat> in the current context!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: FITZPATRICK
->Temp folder emptied: 105008 bytes
->Temporary Internet Files folder emptied: 506926 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 427 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Owner

User: TEMP
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.000
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.001
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.002
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.003
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.004
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.005
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.006
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.007
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.008
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.009
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.010
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.011
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.012
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.013
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.014
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.015
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.016
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.017
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.018
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.019
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.020
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.021
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.022
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.023
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.024
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.025
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.026
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.027
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.028
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.029
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.030
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.031
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.032
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.033
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.034

User: TEMP.NT AUTHORITY.035
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.036
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.037
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.038
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.039
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


OTM by OldTimer - Version 3.1.12.2 log created on 06302010_200225

Files moved on Reboot...
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\~DFD001.tmp not found!
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\~DFD018.tmp not found!
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\~DFD1D7.tmp not found!
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\~DFD1F8.tmp not found!
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\~DFD40E.tmp not found!
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\~DFD422.tmp not found!
C:\Documents and Settings\FITZPATRICK\Local Settings\Temporary Internet Files\Content.IE5\4GFK7FAV\viewtopic[1].php moved successfully.
File C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...


I tried Kaspersky and it failed to run again - same error message as before regarding the interrupted internet connection. I verified that Java is still current.
wesmat
Regular Member
 
Posts: 92
Joined: April 9th, 2009, 4:08 pm

Re: Please Help : AV Security Suite

Post by xixo_12 » June 30th, 2010, 9:31 pm

Hi,
Let's proceed.
Try again with this

First,
OTM by Old Timer.
Try with this code
:processes
:files
c:\windows\system32\ezsidmv.dat
:commands
[resethosts]
[emptytemp]
[start explorer]
[reboot]


Next,
Discussion
Any other problem except Kaspersky?

What you need to post
Checklist.
  • Respond to our discussion
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Please Help : AV Security Suite

Post by wesmat » July 1st, 2010, 12:08 am

I do not see anything else wrong - just the online scan problem. Here is OTM log:

All processes killed
========== PROCESSES ==========
========== FILES ==========
c:\windows\system32\ezsidmv.dat moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: FITZPATRICK
->Temp folder emptied: 170289 bytes
->Temporary Internet Files folder emptied: 8614802 bytes
->Java cache emptied: 5400 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 846 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner

User: TEMP
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.000
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.001
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.002
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.003
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.004
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.005
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.006
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.007
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.008
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.009
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.010
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.011
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.012
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.013
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.014
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.015
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.016
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.017
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.018
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.019
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.020
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.021
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.022
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.023
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.024
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.025
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.026
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.027
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.028
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.029
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.030
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.031
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.032
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.033
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.034

User: TEMP.NT AUTHORITY.035
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.036
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.037
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.038
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.NT AUTHORITY.039
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb


OTM by OldTimer - Version 3.1.12.2 log created on 06302010_235701

Files moved on Reboot...
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\hsperfdata_FITZPATRICK\2536 not found!
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\~DF35E1.tmp not found!
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\~DF35F5.tmp not found!
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\~DF365F.tmp not found!
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\~DF3673.tmp not found!
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\~DF37AF.tmp not found!
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\~DF37C3.tmp not found!
C:\Documents and Settings\FITZPATRICK\Local Settings\Temporary Internet Files\Content.IE5\ACCSKGCL\viewtopic[1].php moved successfully.

Registry entries deleted on Reboot...
wesmat
Regular Member
 
Posts: 92
Joined: April 9th, 2009, 4:08 pm

Re: Please Help : AV Security Suite

Post by wesmat » July 1st, 2010, 12:16 am

I need to correct my last post... After doing the post I rebooted and let the system sit; after about 5 minutes the same 'Active Update' message came up. I ran HijackThis and then posted this message. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:15:46, on 2010-07-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\anotify.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\FITZPATRICK\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Virtual%20Families/Images/stg_drm.ocx
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - http://www-cdn.freerealms.com/gamedata/ ... cab?v=1049
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2722722906
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11174 bytes
wesmat
Regular Member
 
Posts: 92
Joined: April 9th, 2009, 4:08 pm

Re: Please Help : AV Security Suite

Post by xixo_12 » July 1st, 2010, 12:38 am

Hi,

Allow me to consult with my colleague. There is something occurring here.
I will get back to you shortly.
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Please Help : AV Security Suite

Post by xixo_12 » July 1st, 2010, 8:31 am

Hi,
No worries about the warning. Not really a big deal. It's legit.

System drive C: has 3 GB (10%) free of 35 GB

This is the reason why you can't launch Kaspersky. You need to free up some space on your hard drive. Put some of your files on CD or DVD and then erase them from your drive.
You can check the Free Space on the drive by going to Start > My Computer > right clicking on the C: drive, and choosing properties.
You need to have at least 10 Gb free space on the C: drive for this machine to work properly.

Ok let's proceed.

NOTE: To disable WinPatrol
  • Locate the WinPatrol icon in the system tray and right-click it and select Options...
  • In the list near the bottom of the window, uncheck Automatically run WinPatrol when computer starts.
  • Close WinPatrol window
  • Right-click the WinPatrol icon in the system tray and select Exit Program
After tools have run and any necessary reboots have occurred, re-enable WinPatrol by running the program from the Start menu and checking Automatically run WinPatrol when computer starts on the options tab.

First,
Remove programs.
Please Click on Start > Control Panel > Add/Remove Programs
Remove the listed program(s) by clicking Remove
Spybot - Search & Destroy

If some programs listed above are not present, please do not panic and proceed to the next step.

Next,
OTM by Old Timer.
Run OTM again with this code and provide the log
:processes
:files
C:\WINDOWS\System32\drivers\etc\Hosts
:commands
[emptytemp]
[start explorer]
[reboot]


Next,
HostsXpert - MS host.
Please download from HERE and unzip (extract) it to the desktop.
  • Double click on HostsXpert.exe to launch the program. Give whatever Permissions are required.
  • When prompted with:
    HOSTS file does not exist, press OK to create HOSTS file, Cancel to quit.
  • Select OK.
  • In the bottom half of the left pane, click on File Handling
  • If the first button at the top is labeled Make Writeable?, click on it so the label changes to Make Read Only
  • Then click on Restore Ms Hosts File to restore your Hosts file to its default condition > Click OK.
  • When it finishes, click on File Handling again.
  • Click the button at the top labeled Make Read Only, so the label changes to Make Writeable?
  • Hit the X in the upper right corner to exit HostsXpert
If you have a separate third party firewall, or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.

Next,
Reboot into the usual account.

Next,
HijackThis V2.0.2
Please generate new log for my review.

What you need to post
Checklist.
  • Content of OTM log
  • Content of new Hijackthis.log
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia
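
Added example, not part of the thread and not code from OTM, HostsXpert or HijackThis: the `O1 - Hosts: ÿþ127.0.0.1 localhost` line in the HijackThis log posted earlier has the shape of a hosts file that starts with the bytes FF FE (the UTF-16 little-endian byte-order mark, which reads as `ÿþ` in Windows-1252). The Python below checks a hosts file's raw bytes for a byte-order mark and lists every mapping other than plain localhost; `audit_hosts` and the three sample files are assumptions constructed for illustration.

```python
import codecs
import ipaddress

# Byte-order marks a tool or editor may write at the start of a text file.
BOMS = (
    (codecs.BOM_UTF8, "utf-8-sig", "UTF-8"),
    (codecs.BOM_UTF16_LE, "utf-16", "UTF-16 LE"),
    (codecs.BOM_UTF16_BE, "utf-16", "UTF-16 BE"),
)


def audit_hosts(raw: bytes) -> dict:
    """Report the BOM (if any) and every mapping that is not a plain localhost entry."""
    bom_name, bom_ansi, codec = None, "", "latin-1"
    for mark, py_codec, label in BOMS:
        if raw.startswith(mark):
            bom_name, codec = label, py_codec
            # How the BOM bytes look to a reader that assumes Windows-1252.
            bom_ansi = mark.decode("cp1252")
            break
    text = raw.decode(codec, errors="replace")

    entries, unexpected = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = line.split("#", 1)[0].split()   # drop trailing comment
        if len(fields) < 2:
            continue                             # blank, comment, or address only
        addr, names = fields[0], fields[1:]
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            unexpected.append((lineno, addr, " ".join(names), "unparseable address"))
            continue
        for name in names:
            entries.append((addr, name))
            if name.lower() != "localhost":
                reason = "name blocked via loopback" if loopback else "name redirected"
                unexpected.append((lineno, addr, name, reason))
            elif not loopback:
                unexpected.append((lineno, addr, name, "localhost not on loopback"))
    return {"bom": bom_name, "bom_as_ansi": bom_ansi,
            "entries": entries, "unexpected": unexpected}


# Constructed samples (not taken from the machine in this thread).
DEFAULT_ANSI = b"# sample hosts file\r\n127.0.0.1       localhost\r\n"
RESET_AS_UTF16 = codecs.BOM_UTF16_LE + (
    "127.0.0.1 localhost\r\n::1 localhost\r\n".encode("utf-16-le"))
TAMPERED = (b"127.0.0.1 localhost\r\n"
            b"203.0.113.7 scanner.example.com   # constructed redirect\r\n"
            b"127.0.0.1 update.example.net\r\n")

if __name__ == "__main__":
    samples = (("default", DEFAULT_ANSI),
               ("utf16", RESET_AS_UTF16),
               ("tampered", TAMPERED))
    for label, sample in samples:
        report = audit_hosts(sample)
        print(label, "BOM:", report["bom"], "unexpected:", report["unexpected"])
```

On the machine itself, pass the bytes of `C:\WINDOWS\System32\drivers\etc\Hosts` (the path in the OTM log) read in binary mode.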

Re: Please Help : AV Security Suite

Post by wesmat » July 1st, 2010, 12:41 pm

Here are the log files:

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: FITZPATRICK
->Temp folder emptied: 2302014 bytes
->Temporary Internet Files folder emptied: 2271773 bytes
->Java cache emptied: 5400 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 11945368 bytes

Total Files Cleaned = 16.00 mb


OTM by OldTimer - Version 3.1.12.2 log created on 07012010_123035

Files moved on Reboot...
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\hsperfdata_FITZPATRICK\1792 not found!
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\~DF6F81.tmp not found!
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\~DF70B6.tmp not found!
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\~DF7330.tmp not found!
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\~DF7410.tmp not found!
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\~DF7754.tmp not found!
File C:\Documents and Settings\FITZPATRICK\Local Settings\Temp\~DF7948.tmp not found!
C:\Documents and Settings\FITZPATRICK\Local Settings\Temporary Internet Files\Content.IE5\1JSQEXHD\viewtopic[1].htm moved successfully.

Registry entries deleted on Reboot...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:58, on 2010-07-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM7\aim.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\FITZPATRICK\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM7\aim.exe" /d locale=en-US
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Virtual%20Families/Images/stg_drm.ocx
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - http://www-cdn.freerealms.com/gamedata/ ... cab?v=1049
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2722722906
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10241 bytes
wesmat
Regular Member
 
Posts: 92
Joined: April 9th, 2009, 4:08 pm

Re: Please Help : AV Security Suite

Unread postby xixo_12 » July 1st, 2010, 6:23 pm

Hi

Looking good. Any other questions before final instructions once again?
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Please Help : AV Security Suite

Unread postby wesmat » July 1st, 2010, 7:49 pm

No, things seem to be running fine now.
wesmat
Regular Member
 
Posts: 92
Joined: April 9th, 2009, 4:08 pm

Re: Please Help : AV Security Suite

Unread postby xixo_12 » July 2nd, 2010, 7:05 am

Good! :cheers:
Your system is now clean.
Let's do some cleaning and management.

First,
Uninstall Combofix
  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the Run box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

Next,
OTM - CleanUp!
  • Double Click on OTM.exe.
  • Click on CleanUp!.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Next,
Clear system restore points.
This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point > Click Next > Put the description as you wish > Click Create.
  • Next, go to Start > Run and type in cleanmgr
  • Choose your root drive (normally C:) and click OK.
  • After it calculates how much space you will save, it will open up a new window.
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and click Yes.
  • Go back to the Disk Cleanup tab.
  • Put a checkmark in all - except compress old files (leave this unchecked).
  • Click OK, then click Yes.
This will remove all restore points except the new one you just created and clean unneeded files.

Next,
You can proceed to delete all tools that were involved in this process.
Other than that, you can refer to the previous all-clean speech.
I will ask for this topic to be closed soon.

Safe surfing! :)
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Please Help : AV Security Suite

Unread postby jmw3 » July 3rd, 2010, 8:45 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia