Protection system help!


#1
sckathryn
Member, 58 posts
I did a little searching. I have the Protection System virus and hope someone can help me get my laptop cleaned.
I already downloaded ComboFix, and here is my log. Please, can anyone help me?

ComboFix 09-08-01.06 - kat 08/01/2009 20:42.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1789.1000 [GMT -4:00]
Running from: c:\users\kat\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3952787215-1958037011-4233639923-500
c:\windows\jestertb.dll
c:\windows\system32\drivers\UACrexoipcnmi.sys
c:\windows\system32\resdll.dll
c:\windows\system32\UACcsbiqnjeev.dll
c:\windows\system32\UACiepcqoyxin.dat
c:\windows\system32\UACijsebixpqw.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACophvmvqrcm.db
c:\windows\system32\UACrugkkmdnmk.dll
c:\windows\system32\UACxltutwudme.dll
c:\windows\system32\wscsvc32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.

2009-08-02 00:52 . 2009-08-02 01:03 -------- d-----w- c:\users\kat\AppData\Local\temp
2009-08-01 23:20 . 2009-08-01 23:20 14848 ----a-w- c:\windows\system32\wingenocx.dll
2009-08-01 22:54 . 2009-08-01 23:22 -------- d-----w- c:\program files\Protection System
2009-07-16 17:57 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-16 17:57 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-16 17:57 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-16 17:57 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-12 19:05 . 2009-07-12 19:05 680 ----a-w- c:\users\kat\AppData\Local\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 01:02 . 2009-02-02 02:07 -------- d-----w- c:\program files\MioNet
2009-08-02 00:53 . 2007-10-24 18:16 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-01 23:15 . 2009-01-17 01:16 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-01 21:55 . 2009-03-24 01:56 4002 ----a-w- c:\progra~2\Intuit\QuickBooks 2009\qbbackup.sys
2009-07-21 21:52 . 2009-07-29 13:03 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 13:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 13:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 13:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 19:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-03 01:26 . 2007-05-14 18:39 111616 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-07-03 01:25 . 2007-07-21 11:11 8224 ----a-w- c:\users\kat\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-03 00:58 . 2007-03-16 13:44 -------- d-----w- c:\progra~2\Microsoft Help
2009-07-03 00:56 . 2007-03-16 13:46 -------- d-----w- c:\program files\Microsoft Works
2009-07-02 19:18 . 2007-03-16 13:53 -------- d-----w- c:\program files\Norton Internet Security
2009-07-02 19:15 . 2007-03-16 13:51 -------- d-----w- c:\progra~2\Symantec
2009-07-02 19:13 . 2007-03-16 13:51 -------- d-----w- c:\program files\Symantec
2009-07-02 19:13 . 2007-03-16 13:52 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-02 19:13 . 2007-03-16 13:52 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-02 19:13 . 2007-03-16 13:52 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-02 19:12 . 2007-03-16 13:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-01 02:03 . 2009-07-01 02:03 -------- d-----w- c:\program files\Avira
2009-07-01 02:03 . 2009-07-01 02:03 -------- d-----w- c:\progra~2\Avira
2009-06-19 19:20 . 2009-03-24 21:06 865544 ----a-w- c:\progra~2\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2009-06-19 19:20 . 2009-03-24 21:06 38664 ----a-w- c:\progra~2\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Protection System"="c:\program files\Protection System\psystem.exe" [2009-08-01 2519040]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-11-21 22696]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-01-09 483328]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 13312]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"bgsmsnd.exe"="c:\windows\system32\bgsmsnd.exe" [2007-11-19 160136]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-26 236016]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"MioNet"="c:\program files\MioNet\MioNetLauncher.exe" [2008-02-20 32768]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-24 1838592]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]

c:\users\kat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-3-16 528384]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-3-12 984352]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-8-3 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-10-31 15:01 8704 ----a-w- c:\windows\System32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\eNetHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4157219E-2390-443A-ACE5-F282C885ECEE}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{0066FCD5-1018-4B78-9EF7-AC6E08569ADB}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{251B51D5-355C-4549-B047-F5192B3C1B8D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{06F35D3F-13FD-45F4-B383-2169BC1403A6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{99E35111-BEF7-45BD-A60D-B278BB8F5693}"= c:\program files\CyberLink\PowerDirector Express\PDX.EXE:CyberLink PowerDirector Express
"{3314211B-73EF-42CB-8056-ABE38CFEE894}"= UDP:1700:MioNet Remote Drive Access 0
"{AB547E0F-F21B-4234-983A-871B2BDC48F7}"= UDP:1701:MioNet Remote Drive Access 1
"{33E13381-29BC-495A-AB6D-EB8CB4667BF8}"= UDP:1702:MioNet Remote Drive Access 2
"{55C7EDB5-854C-456B-8BEB-8C30C6219E60}"= UDP:1703:MioNet Remote Drive Access 3
"{6D4CB0AC-7EEC-4DE6-A6C8-8ECE775F4033}"= UDP:1704:MioNet Remote Drive Access 4
"{145C3B4A-0811-4A7B-8349-2458840BCAE3}"= UDP:1705:MioNet Remote Drive Access 5
"{09952930-6E77-48D1-A807-212171A14C96}"= UDP:1706:MioNet Remote Drive Access 6
"{40F9DE04-390F-404D-9836-C34A31D8E697}"= UDP:1707:MioNet Remote Drive Access 7
"{EFCDC14C-FA50-4C4C-9D6F-AB2EEE253868}"= UDP:1708:MioNet Remote Drive Access 8
"{D7FBD36F-0184-4608-B9C2-6D603C5C2BA2}"= UDP:1709:MioNet Remote Drive Access 9
"{A0B95D84-42C3-4212-8D7A-0BB64B05C87F}"= UDP:1641:MioNet Remote Drive Verification
"{B694B247-B11B-4980-B1BA-49E20CF28EB7}"= UDP:1647:MioNet Storage Device Configuration
"{21595FEE-B9AB-41D1-A152-88CA88C5326B}"= TCP:5432:MioNet Storage Device Discovery
"{B8DDD7E4-88F0-4538-9840-889079793C44}"= UDP:c:\program files\MioNet\MioNetManager.exe:MioNetManager
"{6A93ECA1-AFB4-4E4C-9331-CAC21AF2077E}"= TCP:c:\program files\MioNet\MioNetManager.exe:MioNetManager
"{2DD39A62-200E-4694-AAB3-ABB97988C394}"= UDP:c:\program files\MioNet\jvm\bin\MioNet.exe:MioNet
"{FA711A15-DDFA-49D4-BD97-828CC0ECC531}"= TCP:c:\program files\MioNet\jvm\bin\MioNet.exe:MioNet

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071020.002\IDSvix86.sys [10/20/2007 2:25 AM 180272]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [3/16/2007 9:58 AM 50688]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/30/2009 10:03 PM 108289]
R2 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [2/20/2008 3:27 PM 139264]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/26/2007 7:14 PM 112688]
R3 Ndisrd;WinpkFilter Service;c:\windows\System32\drivers\ndisrd.sys [2/1/2009 10:16 PM 23224]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [10/3/2008 2:14 PM 37936]
S3 ir100;ir100;c:\windows\System32\drivers\ir100.sys [1/5/2009 3:00 PM 16896]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {12BC816B-8F68-CAB4-867E-FA0FEF15FB36} /qb
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.us.acer.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: mercerhrs.com\ibenefitcenter
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4168)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Maxtor\Utils\SyncServices.exe
c:\program files\MioNet\jvm\bin\MioNet.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\TeamViewer3\TeamViewer_Host.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Maxtor\ManagerApp\OneTouch.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-08-02 21:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-02 01:09

Pre-Run: 4,844,736,512 bytes free
Post-Run: 5,441,556,480 bytes free

253 --- E O F --- 2009-08-01 21:59



#2
sckathryn
Topic Starter, Member, 58 posts
Never mind. I was finally able to get IE open and DL Malwarebytes, and I ran that. It got rid of the Protection System.

Thanks!