What the Tech
[Closed] Not again! Anti-spyware virus!?! LDTate?
EP70
Posted Jun 23 2009, 07:21 AM
Post #1
Authentic Member
Group: Authentic Member
Posts: 52
Joined: 13-April 09
Member No.: 85,233
Operating System: XP Pro

It seems I contracted the "Anti-spyware" Trojan virus again. I ran the MBAM scan a couple of times, and it seemed to have caught quite a few items, and one called "koobface". But I want to make sure I got rid of it, hopefully. I don't know how this thing keeps getting on my laptop. I have protection on it, and I update and run the programs twice a week!

Here is the latest HJT log I just ran. Thanks again for all your help, guys!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:04 AM, on 6/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1232717373785
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C4462AB-FF0B-41A3-8690-88AAEE5DB68A}: NameServer = 213.174.139.72,192.168.32.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{4584C0A9-7E59-4730-8363-520316F30F2D}: NameServer = 213.174.139.72,192.168.32.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{931BAF06-5938-45B6-9564-5B54DD4A17EA}: NameServer = 213.174.139.72,192.168.32.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{A855B70D-A5FF-470F-BB83-51031094ED16}: NameServer = 213.174.139.72,192.168.32.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE99839A-E945-40B9-9BC4-A92BDB5C73D8}: NameServer = 213.174.139.72,192.168.32.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD83F946-6400-4130-B134-A9035F5C1C6B}: NameServer = 213.174.139.72,192.168.32.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEB2A45A-FB6D-44B1-AB32-62FB17986665}: NameServer = 213.174.139.72,192.168.32.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C4462AB-FF0B-41A3-8690-88AAEE5DB68A}: NameServer = 213.174.139.72,192.168.32.254
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9978 bytes


Sorry for the edit again, I forgot to post the MBAM log.

Malwarebytes' Anti-Malware 1.38
Database version: 2324
Windows 5.1.2600 Service Pack 3

6/23/2009 1:26:10 PM
mbam-log-2009-06-23 (13-26-10).txt

Scan type: Quick Scan
Objects scanned: 90905
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


This post has been edited by EP70: Jun 23 2009, 11:28 AM
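The HijackThis log above is plain text with one entry per line, so it is easy to triage mechanically before a helper reads it by hand. The script below is an added example, not something from this post or from the forum's helpers: it parses HJT lines into their section codes (R0-R3, O2, O4, O10, O17, O23 and so on), de-duplicates the repeated O10 and O17 entries, and pulls out the three things a reader of this particular log would check first: O17 NameServer addresses that are not in private address space, O10 Winsock LSP files that HijackThis could not identify, and O23 services with no publisher recorded. The sample lines are copied from the log in the post; the rule that a home laptop's DNS servers "should" be private addresses is an assumption made for the example (an ISP or corporate network can legitimately hand out a public resolver), and the script does not claim any flagged entry is malicious.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C4462AB-FF0B-41A3-8690-88AAEE5DB68A}: NameServer = 213.174.139.72,192.168.32.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C4462AB-FF0B-41A3-8690-88AAEE5DB68A}: NameServer = 213.174.139.72,192.168.32.254
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every HJT entry is "<code> - <body>", where code is R0..R3 or O1..O24.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Map each HJT section code (e.g. 'O17') to its unique entry bodies, in order."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m and m["body"] not in sections[m["code"]]:
            sections[m["code"]].append(m["body"])
    return dict(sections)


def nameservers(sections):
    """Collect the DNS server addresses from all O17 entries, de-duplicated."""
    found = []
    for body in sections.get("O17", []):
        _, _, value = body.partition("NameServer =")
        for token in re.split(r"[,\s]+", value.strip()):
            if token and token not in found:
                found.append(token)
    return found


def public_nameservers(sections):
    """O17 resolvers outside private/reserved space (assumption: a home
    laptop normally gets an RFC 1918 resolver from its router)."""
    out = []
    for token in nameservers(sections):
        try:
            if ipaddress.ip_address(token).is_global:
                out.append(token)
        except ValueError:  # not an IP literal; leave it for manual review
            out.append(token)
    return out


def findings(sections):
    """Entries a log reader would look at first, as (code, reason, detail)."""
    out = []
    for ip in public_nameservers(sections):
        out.append(("O17", "DNS resolver outside private address space", ip))
    for body in sections.get("O10", []):
        # body looks like "Unknown file in Winsock LSP: bmnet.dll"
        out.append(("O10", "Winsock LSP file HijackThis could not identify",
                    body.rpartition(": ")[2]))
    for body in sections.get("O23", []):
        if "Unknown owner" in body:
            out.append(("O23", "service with no publisher recorded", body))
    return out


if __name__ == "__main__":
    for code, reason, detail in findings(parse_hjt(SAMPLE_LOG)):
        print(f"{code}: {reason}: {detail}")
```

Run against the sample, it reports one public resolver (213.174.139.72; the second address, 192.168.32.254, is private and is not flagged), the single unidentified LSP file bmnet.dll (the three identical O10 lines collapse to one), and the wltrysvc service whose owner HijackThis could not read. Each of those is a question to answer, not a verdict: the resolver may belong to the user's ISP or employer, and an LSP or service with no recorded publisher is often just an unsigned OEM component.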
Replies
EP70
Posted Jun 28 2009, 03:37 PM
Post #2
Authentic Member
Group: Authentic Member
Posts: 52
Joined: 13-April 09
Member No.: 85,233
Operating System: XP Pro

This is off the AVG vault.

1st entry: PUP Fake AntiSpyware COZ - C:\system volume Information\_restore(8a786fbb-b856-4348-a268-96824dda16bb)\rp9\a0001654.dll
2nd entry: Packed Monder - C:\documents and settings\Ernie Plowden\local settings\temp\~tm80.tmp
3rd entry: Packed Monder - C:\system volume Information\_restore(8a786fbb-b856-4348-a268-96824dda16bb)\rp19\a0003496.exe
4th entry: Packed Monder - C:\windows\system32\wbem\proquota.exe

Posts in this topic
- EP70   [Closed] Not again! ANti-spyware virus!?! LDTate?   Jun 23 2009, 07:21 AM
- - Noviciate   Due, in part, to the large numbers of HJT logs bei...   Jun 23 2009, 01:31 PM
- - EP70   I downloaded and saved the Sec-Info2 to the desto...   Jun 23 2009, 01:51 PM
- - Noviciate   Swop that part for this: Download Malwarebytes...   Jun 23 2009, 03:37 PM
- - EP70   Here is the Sec-Info log .. THe MBAM is scanning ,...   Jun 24 2009, 06:17 AM
- - EP70   Sorry , forgot to post the HJT Uninstall list .. h...   Jun 24 2009, 06:21 AM
- - EP70   Ok , Here is the MBAM full scan log.: Malwarebyt...   Jun 24 2009, 07:14 AM
- - Noviciate   QUOTE AND a description of how your PC is behaving...   Jun 24 2009, 01:39 PM
- - EP70   There a re a few webpages I can't get on , jus...   Jun 24 2009, 02:00 PM
- - Noviciate   Has this only been since the infection? I'd l...   Jun 24 2009, 02:07 PM
- - EP70   Yeah it started since the Infection.... I ran the...   Jun 24 2009, 03:12 PM
- - Noviciate   Try just the suggestions under General troubleshoo...   Jun 24 2009, 03:49 PM
- - EP70   Ok , my bad on that one and I apologize .. My DNS ...   Jun 25 2009, 06:51 AM
- - Noviciate   The warning is probably a leftover of some slime a...   Jun 25 2009, 01:21 PM
- - EP70   Ok , disabled the SpyBot Teatimer ... Reboot ... R...   Jun 25 2009, 01:50 PM
- - Noviciate   QUOTE I got a windows Security Center window that ...   Jun 25 2009, 04:29 PM
- - EP70   *whew* Yup , that is the same window. Hehe ... Le...   Jun 26 2009, 06:19 AM
- - Noviciate   Looks fine to me, so just a little light housework...   Jun 26 2009, 01:02 PM
- - EP70   Ok , ran the Java's , And downloaded the firew...   Jun 28 2009, 09:59 AM
- - Noviciate   I'll need the name of the file rather than the...   Jun 28 2009, 12:31 PM
- - EP70   This is off the AVG vault. 1st entry PUP Fake A...   Jun 28 2009, 03:37 PM
- - Noviciate   You may need to set Windows to show All Hidden Fil...   Jun 28 2009, 03:52 PM
- - Noviciate   Due to inactivity this topic will be closed. If yo...   Jul 3 2009, 02:50 PM


Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy