Author Topic: Mcafee disabled by "antivirus live"  (Read 14634 times)


mikewu

  • SCF Newbie
  • *
  • Posts: 8
  • KARMA: 1
Mcafee disabled by "antivirus live"
« on: 05. January 2010., 14:44:56 »
I am having the same problem. McAfee was disabled by "antivirus live". After cleaning the virus, I could not turn on McAfee. Here is the HijackThis log. Which line is causing the problem? Thanks a lot in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:50 PM, on 1/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ACS\DPA\ACSDPA.exe
C:\Hyperion\BIPlus\bin\SQR\Remote\bin\atrls.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\NALNTSRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wm.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\NOVELL\ZENRC\WUOLService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\iprntctl.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Lotus\Sametime Client\Connect.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Documents and Settings\40800036\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\IBM\WebSphere MQ\bin\amqmtbrn.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\40800036\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\40800036\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\40800036\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\40800036\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\40800036\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\40800036\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\40800036\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\PGP Corporation\PGP Desktop\pgpwde.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://infobank.acs-inc.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [DPRINT] C:\Program Files\ACS\DPA\DPAUI.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Sametime Connect] "C:\Program Files\Lotus\Sametime Client\Connect.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\40800036\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: PGPtray.exe.lnk = ?
O4 - Global Startup: WebSphere MQ Task Bar.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195494235122
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195494225349
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://acs-inc.webex.com/client/wbs26-vzbprodcn/webex/ieatgpc.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Americas.ONEACS.COM
O17 - HKLM\Software\..\Telephony: DomainName = Americas.ONEACS.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Americas.ONEACS.COM
O23 - Service: ACSDPA - ACS - C:\Program Files\ACS\DPA\ACSDPA.exe
O23 - Service: Ataman TCP Remote Logon Services - Unknown owner - C:\Hyperion\BIPlus\bin\SQR\Remote\bin\atrls.exe
O23 - Service: BEA Products NodeManager (C_bea10_wlserver10) - BEA Systems, Inc. - C:\bea10\WLSERV~1\server\bin\beasvc.exe
O23 - Service: BEA WebLogic Platform 8.1 NodeManager - BEA Systems, Inc. - C:\bea815\WEBLOG~1\server\bin\beasvc.exe
O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: IBM MQSeries (MQSeriesServices) - IBM Corporation - C:\Program Files\IBM\WebSphere MQ\bin\amqsvc.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\WINDOWS\system32\NALNTSRV.EXE
O23 - Service: Remote management (Novell WUser Agent) - Novell, Inc. - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\WINDOWS\system32\wm.exe
O23 - Service: WUOLservice (WUOLService) - Novell, Inc. - C:\NOVELL\ZENRC\WUOLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11774 bytes

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Mcafee disabled by "antivirus live"
« Reply #1 on: 05. January 2010., 16:33:51 »
Hi Mike.

Don't worry, we will help you fix this. Now please also provide us the log from Kaspersky Online AntiVirus Scan: http://scforum.info/index.php/topic,734.0.html and info on how and when this problem first occurred.


Regards,

S.

mikewu

  • SCF Newbie
  • *
  • Posts: 8
  • KARMA: 1
Re: Mcafee disabled by "antivirus live"
« Reply #2 on: 05. January 2010., 17:23:00 »
Hi,

My PC was infected by "antivirus live". I used Malwarebytes to remove the virus and did a repair of McAfee and a full scan. My PC is clean now; just McAfee was disabled and could not be turned on.

Thanks a lot for your help!

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Mcafee disabled by "antivirus live"
« Reply #3 on: 05. January 2010., 18:53:50 »
Quote
"Antivirus Live is a rogue anti-spyware and ransomware program from the same family as Antivirus System Pro. This infection is installed on your computer through Trojans that install it automatically without your permission. Once installed, Antivirus Live will be configured to start automatically when Windows starts. Once running it will scan your computer and display numerous infections, but will state it will not remove them until you purchase the program. In reality, the scan results it detects are all fake and do not actually exist on your computer.

This program is also very aggressive in how it protects itself from being removed. While the Antivirus Live process is running it will terminate almost all programs that you launch stating that they are infected. It will also change the Proxy settings in Internet Explorer so that you can not browse to any site other than the Antivirus Live site so that you can purchase the program. Using these two methods, the program essentially ransoms the normal use of your computer until you purchase the program or use the guide below to remove the infection."


That's the reason for your problem with McAfee...


As I still see some traces of this crap, "R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555", we definitely need the Kaspersky log before the next removal instructions.

Please "give" us the K. log ASAP.

Regards,

S.
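Added example (not part of the original thread and not code from HijackThis or the forum): a small Python triage script that scans a HijackThis log for the kind of leftover pointed out in the reply above, an Internet Explorer `ProxyServer` value aimed at a loopback address. The sample lines are constructed from entries in the log posted earlier, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample in HijackThis v2.0.2 format, including the ProxyServer
# entry quoted in the reply above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
""".strip()

# "<section code> - <body>", e.g. "R1 - HKCU\...,ProxyServer = ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Registry entries: "<key>,<value name> = <data>" (data may be empty)
REG_VALUE_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$")


def proxy_endpoints(value):
    """Split an IE ProxyServer string into (protocol, host, port) tuples.

    Handles both "host:port" (all protocols) and the per-protocol form
    "http=host:port;https=host:port".
    """
    endpoints = []
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue
        proto, sep, addr = part.partition("=")
        if not sep:
            proto, addr = "all", part
        addr = addr.split("://", 1)[-1]          # drop an optional scheme
        host, _, port = addr.rpartition(":")
        if not host:                             # no port given
            host, port = addr, ""
        endpoints.append((proto.lower(), host.strip("[]").lower(), port))
    return endpoints


def is_loopback(host):
    """True for 'localhost' and any loopback IP (127.0.0.0/8, ::1)."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost


def find_loopback_proxies(log_text):
    """Return one finding per ProxyServer endpoint that points at loopback."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        entry = ENTRY_RE.match(line.strip())
        if not entry or not entry["code"].startswith("R"):
            continue  # only the R (registry/browser settings) section
        reg = REG_VALUE_RE.match(entry["body"])
        if not reg or reg["name"].strip().lower() != "proxyserver":
            continue
        for proto, host, port in proxy_endpoints(reg["data"]):
            if is_loopback(host):
                findings.append({
                    "line": lineno,
                    "hive": reg["key"].split("\\", 1)[0],
                    "protocol": proto,
                    "host": host,
                    "port": port,
                })
    return findings


if __name__ == "__main__":
    for f in find_loopback_proxies(SAMPLE_LOG):
        print("line {line}: {hive} proxy for {protocol} -> {host}:{port}".format(**f))
```

A hit means browser traffic is being handed to a process on the local machine; if no known local proxy or filter is installed, the setting is a candidate leftover to review and reset.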

mikewu

  • SCF Newbie
  • *
  • Posts: 8
  • KARMA: 1
Re: Mcafee disabled by "antivirus live"
« Reply #4 on: 05. January 2010., 21:20:32 »
Will do as soon as I come back home tonight. Thanks for your quick response!

mikewu

  • SCF Newbie
  • *
  • Posts: 8
  • KARMA: 1
Re: Mcafee disabled by "antivirus live" (PDM.Keylogger)
« Reply #5 on: 07. January 2010., 01:50:23 »
Here is the report:
Date: Yesterday   (events: 38)   
My Protection   (events: 2)   
1/5/2010 7:40:33 PM   Your computer is protected   Kaspersky Anti-Virus         
1/5/2010 7:40:18 PM   Databases are obsolete   Kaspersky Anti-Virus         
File Anti-Virus   (events: 23)   
1/5/2010 11:50:47 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Task\168.ini   Read error   
1/5/2010 11:32:02 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Task\168.ini   Read error   
1/5/2010 11:17:46 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Task\168.ini   Read error   
1/5/2010 11:16:42 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Task\168.ini   Read error   
1/5/2010 11:14:14 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Task\168.ini   Read error   
1/5/2010 11:00:40 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Task\168.ini   Read error   
1/5/2010 10:58:13 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Task\168.ini   Read error   
1/5/2010 10:46:28 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Task\168.ini   Read error   
1/5/2010 10:36:57 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Task\168.ini   Read error   
1/5/2010 10:25:03 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Task\168.ini   Read error   
1/5/2010 9:53:25 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Agent.ini   Read error   
1/5/2010 9:07:19 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Agent.ini   Read error   
1/5/2010 8:53:47 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Agent.ini   Read error   
1/5/2010 8:52:55 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Agent.ini   Read error   
1/5/2010 8:51:56 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Agent.ini   Read error   
1/5/2010 8:48:55 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Agent.ini   Read error   
1/5/2010 8:48:30 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Agent.ini   Read error   
1/5/2010 8:46:23 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Agent.ini   Read error   
1/5/2010 8:45:18 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Agent.ini   Read error   
1/5/2010 8:28:54 PM   Processing error   Yahoo! Messenger   C:\Program Files\YAHOO!\MESSENGER\Cache\WH.ul3YzZ.8tXOlFm3WKlQ--.slotmgr.ini   Read error   
1/5/2010 8:28:06 PM   Processing error   Yahoo! Messenger   C:\Program Files\YAHOO!\MESSENGER\Cache\WH.ul3YzZ.8tXOlFm3WKlQ--.slotmgr.ini   Read error   
1/5/2010 8:06:22 PM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Task\172.ini   Read error   
1/5/2010 7:40:19 PM   Task started   Kaspersky Anti-Virus   File Anti-Virus      
Mail Anti-Virus   (events: 1)   
1/5/2010 7:40:18 PM   Task started   Kaspersky Anti-Virus   Mail Anti-Virus      
Web Anti-Virus   (events: 1)   
1/5/2010 7:40:18 PM   Task started   Kaspersky Anti-Virus   Web Anti-Virus      
Proactive Defense   (events: 7)   
1/5/2010 8:31:42 PM   Detected: PDM.DNS Query   ACS Data Protection Agent   C:\PROGRAM FILES\ACS\DPA\ACSDPA.EXE   Action selected by user   
1/5/2010 8:31:42 PM   Detected: PDM.DNS Query   ACS Data Protection Agent   C:\PROGRAM FILES\ACS\DPA\ACSDPA.EXE      
1/5/2010 7:42:04 PM   Detected: PDM.DNS Query   ACS DPA User Interface   C:\PROGRAM FILES\ACS\DPA\DPAUI.EXE   Action selected by user   
1/5/2010 7:42:04 PM   Detected: PDM.DNS Query   ACS DPA User Interface   C:\PROGRAM FILES\ACS\DPA\DPAUI.EXE      
1/5/2010 7:40:57 PM   Detected: PDM.Keylogger   Absent   C:\WINDOWS\SYSTEM32\DRIVERS\KBLOCK.SYS   Action selected by user   
1/5/2010 7:40:57 PM   Detected: PDM.Keylogger   Absent   C:\WINDOWS\SYSTEM32\DRIVERS\KBLOCK.SYS      
1/5/2010 7:40:18 PM   Task started   Kaspersky Anti-Virus   Proactive Defense      
IM Anti-Virus   (events: 1)   
1/5/2010 7:40:19 PM   Task started   Kaspersky Anti-Virus   IM Anti-Virus      
Objects Scan   (events: 1)   
1/5/2010 7:45:17 PM   Task started   Kaspersky Anti-Virus   Full Scan      
My Update Center   (events: 2)   
1/5/2010 7:44:36 PM   Task completed   Kaspersky Anti-Virus   My Update Center      
1/5/2010 7:40:30 PM   Task started   Kaspersky Anti-Virus   My Update Center      
Date: Today   (events: 61)   
My Protection   (events: 6)   
1/6/2010 12:07:47 PM   Potentially unwanted software detected   Kaspersky Anti-Virus         
1/6/2010 12:02:46 PM   Threats have been detected   Kaspersky Anti-Virus         
1/6/2010 8:17:04 AM   Potentially unwanted software detected   Kaspersky Anti-Virus         
1/6/2010 8:13:39 AM   Threats have been detected   Kaspersky Anti-Virus         
1/6/2010 7:40:41 AM   Potentially unwanted software detected   Kaspersky Anti-Virus         
1/6/2010 7:09:18 AM   Your computer is protected   Kaspersky Anti-Virus         
File Anti-Virus   (events: 10)   
1/6/2010 9:13:56 AM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Task\37.ini   Read error   
1/6/2010 9:13:39 AM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Task\67.ini   Read error   
1/6/2010 9:13:28 AM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Task\6.ini   Read error   
1/6/2010 9:13:16 AM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Task\6.ini   Read error   
1/6/2010 9:11:08 AM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Agent.ini   Read error   
1/6/2010 9:10:26 AM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Agent.ini   Read error   
1/6/2010 9:09:55 AM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Agent.ini   Read error   
1/6/2010 9:08:48 AM   Processing error   NAI Product Manager   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Agent.ini   Read error   
1/6/2010 7:06:57 AM   Task started   Kaspersky Anti-Virus   File Anti-Virus      
1/6/2010 12:03:47 AM   Processing error   Framework Service   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\McAfee\Common Framework\Task\168.ini   Read error   
Mail Anti-Virus   (events: 1)   
1/6/2010 7:06:57 AM   Task started   Kaspersky Anti-Virus   Mail Anti-Virus      
Web Anti-Virus   (events: 1)   
1/6/2010 7:06:57 AM   Task started   Kaspersky Anti-Virus   Web Anti-Virus      
Proactive Defense   (events: 35)   
1/6/2010 6:50:02 PM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS   Action selected by user   
1/6/2010 6:50:02 PM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS      
1/6/2010 5:50:01 PM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS   Action selected by user   
1/6/2010 5:50:01 PM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS      
1/6/2010 4:50:02 PM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS   Action selected by user   
1/6/2010 4:50:02 PM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS      
1/6/2010 4:18:07 PM   Detected: PDM.DNS Query   mcci+McciBrowser   C:\PROGRAM FILES\VERIZON\MCCIBROWSER.EXE   Action selected by user   
1/6/2010 4:18:07 PM   Detected: PDM.DNS Query   mcci+McciBrowser   C:\PROGRAM FILES\VERIZON\MCCIBROWSER.EXE      
1/6/2010 4:18:07 PM   Detected: PDM.DNS Query   mcci+McciBrowser   C:\PROGRAM FILES\VERIZON\MCCIBROWSER.EXE   Action selected by user   
1/6/2010 4:18:07 PM   Detected: PDM.DNS Query   mcci+McciBrowser   C:\PROGRAM FILES\VERIZON\MCCIBROWSER.EXE      
1/6/2010 3:50:02 PM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS   Action selected by user   
1/6/2010 3:50:02 PM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS      
1/6/2010 2:50:03 PM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS   Action selected by user   
1/6/2010 2:50:03 PM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS      
1/6/2010 1:50:03 PM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS   Action selected by user   
1/6/2010 1:50:03 PM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS      
1/6/2010 12:50:52 PM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS   Action selected by user   
1/6/2010 12:50:52 PM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS      
1/6/2010 11:50:08 AM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS   Action selected by user   
1/6/2010 11:50:08 AM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS      
1/6/2010 10:50:30 AM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS   Action selected by user   
1/6/2010 10:50:30 AM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS      
1/6/2010 9:50:05 AM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS   Action selected by user   
1/6/2010 9:50:05 AM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS      
1/6/2010 8:51:14 AM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS   Action selected by user   
1/6/2010 8:51:14 AM   Detected: PDM.DNS Query   REASSIGN.VBS   C:\WINDOWS\SYSTEM32\CCM\CACHE\DAL00011.4.SYSTEM\REASSIGN.VBS      
1/6/2010 7:13:17 AM   Detected: PDM.Hidden data sending   ACS DPA User Interface   C:\PROGRAM FILES\ACS\DPA\DPAUI.EXE   Action selected by user   
1/6/2010 7:13:17 AM   Detected: PDM.Hidden data sending   ACS DPA User Interface   C:\PROGRAM FILES\ACS\DPA\DPAUI.EXE      
1/6/2010 7:11:32 AM   Detected: PDM.DNS Query   ACS DPA User Interface   C:\PROGRAM FILES\ACS\DPA\DPAUI.EXE   Action selected by user   
1/6/2010 7:11:32 AM   Detected: PDM.DNS Query   ACS DPA User Interface   C:\PROGRAM FILES\ACS\DPA\DPAUI.EXE      
1/6/2010 7:09:13 AM   Detected: PDM.DNS Query   ACS Data Protection Agent   C:\PROGRAM FILES\ACS\DPA\ACSDPA.EXE   Action selected by user   
1/6/2010 7:09:13 AM   Detected: PDM.DNS Query   ACS Data Protection Agent   C:\PROGRAM FILES\ACS\DPA\ACSDPA.EXE      
1/6/2010 7:09:13 AM   Detected: PDM.Keylogger   Absent   C:\WINDOWS\SYSTEM32\DRIVERS\KBLOCK.SYS   Action selected by user   
1/6/2010 7:09:13 AM   Detected: PDM.Keylogger   Absent   C:\WINDOWS\SYSTEM32\DRIVERS\KBLOCK.SYS      
1/6/2010 7:06:57 AM   Task started   Kaspersky Anti-Virus   Proactive Defense      
License manager   (events: 1)   
1/6/2010 7:06:52 AM   License validity period expires soon   Kaspersky Anti-Virus         
IM Anti-Virus   (events: 1)   
1/6/2010 7:06:57 AM   Task started   Kaspersky Anti-Virus   IM Anti-Virus      
Objects Scan   (events: 4)   
1/6/2010 1:15:06 PM   Task completed   Kaspersky Anti-Virus   Rootkit Scan      
1/6/2010 1:07:06 PM   Task started   Kaspersky Anti-Virus   Rootkit Scan      
1/6/2010 1:06:56 PM   Task completed   Kaspersky Anti-Virus   Full Scan      
1/6/2010 7:11:22 AM   Task started   Kaspersky Anti-Virus   Full Scan      
My Update Center   (events: 2)   
1/6/2010 7:29:18 AM   Task completed   Kaspersky Anti-Virus   My Update Center      
1/6/2010 7:22:10 AM   Task started   Kaspersky Anti-Virus   My Update Center      

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Mcafee disabled by "antivirus live"
« Reply #6 on: 07. January 2010., 18:49:39 »
As I suspected, you still have infected files.

We will first clean the infection and after that look closer at the McAfee problem:

Now please follow the next steps:

1. Turn off System Restore

Quote
Steps to turn off System Restore

1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.

Do you want to turn off System Restore?
After a few moments, the System Properties dialog box closes.

2. Update your McAfee AV and Malwarebytes

3. Download, Install and Update SUPERAntiSpyware: http://scforum.info/index.php/topic,116.0.html

4. Restart your PC and run in Safe Mode.

Quote
To start the computer in safe mode

1. You should print these instructions before continuing. They will not be available after you shut your computer down in step 2.

2. Click Start and then click Shut Down.

3. In the drop-down list of the Shut Down Windows dialog box, click Restart, and then click OK.

4. As your computer restarts but before Windows launches, press F8.
On a computer that is configured for booting to multiple operating systems, you can press F8 when the boot menu appears.

5. Use the arrow keys to highlight the appropriate safe mode option, and then press ENTER.

6. If you have a dual-boot or multiple-boot system, choose the installation that you need to access using the arrow keys, and then press ENTER.


Note: If Windows launches before you can choose a safe mode, restart your computer and try again.

In safe mode, you have access to only basic files and drivers (mouse, monitor, keyboard, mass storage, base video, default system services, and no network connections). You can choose the Safe Mode with Networking option, which loads all of the above files and drivers and the essential services and drivers to start networking, or you can choose the Safe Mode with Command Prompt option, which is exactly the same as safe mode except that a command prompt is started instead of the graphical user interface. You can also choose Last Known Good Configuration, which starts your computer using the registry information that was saved at the last shutdown.

Safe mode helps you diagnose problems. If a symptom does not reappear when you start in safe mode, you can eliminate the default settings and minimum device drivers as possible causes. If a newly added device or a changed driver is causing problems, you can use safe mode to remove the device or reverse the change.

There are circumstances where safe mode will not be able to help you, such as when Windows system files that are required to start the system are corrupted or damaged. In this case, the Recovery Console may help you.

NUM LOCK must be off before the arrow keys on the numeric keypad will function.



5. Run Full Scans and Delete all suspected files, first with SUPERAntiSpyware and then with Malwarebytes

5. Run Full Scan with your McAfee AntiVirus

6. After that BitDefender Online Scan: http://scforum.info/index.php/topic,734.0.html

7. After that HijackThis (it's important to turn off all possible programs before running HJT)

8. Finally, provide us with new logs from both (BitDefender and HJT)


I'll be waiting for your next reply.


Regards,

S.


mikewu

  • SCF Newbie
  • *
  • Posts: 8
  • KARMA: 1
Re: Mcafee disabled by "antivirus live"
« Reply #7 on: 09. January 2010., 03:24:16 »
BitDefender Online Scanner - Real Time Virus Report
Generated at: Fri, Jan 08, 2010 - 21:18:55
Scan Info
Scanned Files 7487293
Infected Files 0
Virus Detected No virus found.


================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:51 PM, on 1/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ACS\DPA\ACSDPA.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Hyperion\BIPlus\bin\SQR\Remote\bin\atrls.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\NALNTSRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wm.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\NOVELL\ZENRC\WUOLService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\iprntctl.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Lotus\Sametime Client\Connect.exe
C:\Documents and Settings\40800036\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\IBM\WebSphere MQ\bin\amqmtbrn.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Verizon\McciBrowser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://infobank.acs-inc.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [DPRINT] C:\Program Files\ACS\DPA\DPAUI.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Sametime Connect] "C:\Program Files\Lotus\Sametime Client\Connect.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\40800036\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: PGPtray.exe.lnk = ?
O4 - Global Startup: WebSphere MQ Task Bar.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195494235122
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195494225349
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://acs-inc.webex.com/client/wbs26-vzbprodcn/webex/ieatgpc.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Americas.ONEACS.COM
O17 - HKLM\Software\..\Telephony: DomainName = Americas.ONEACS.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Americas.ONEACS.COM
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ACSDPA - ACS - C:\Program Files\ACS\DPA\ACSDPA.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ataman TCP Remote Logon Services - Unknown owner - C:\Hyperion\BIPlus\bin\SQR\Remote\bin\atrls.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: BEA Products NodeManager (C_bea10_wlserver10) - BEA Systems, Inc. - C:\bea10\WLSERV~1\server\bin\beasvc.exe
O23 - Service: BEA WebLogic Platform 8.1 NodeManager - BEA Systems, Inc. - C:\bea815\WEBLOG~1\server\bin\beasvc.exe
O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: IBM MQSeries (MQSeriesServices) - IBM Corporation - C:\Program Files\IBM\WebSphere MQ\bin\amqsvc.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\WINDOWS\system32\NALNTSRV.EXE
O23 - Service: Remote management (Novell WUser Agent) - Novell, Inc. - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\WINDOWS\system32\wm.exe
O23 - Service: WUOLservice (WUOLService) - Novell, Inc. - C:\NOVELL\ZENRC\WUOLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13393 bytes

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.
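
A small triage script for the HijackThis log format posted above, as an added example that is not part of the original thread: it groups entries by section code and lists those that HijackThis itself marks as unresolved, plus a loopback Internet Explorer proxy. The sample lines are copied from the log above; the function names and the choice of markers are assumptions of this example, and a listed entry is a prompt for manual review, not a verdict.

```python
import re
from collections import defaultdict

# Lines copied from the log posted above (a subset, so the script runs offline).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - Global Startup: PGPtray.exe.lnk = ?
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ataman TCP Remote Logon Services - Unknown owner - C:\Hyperion\BIPlus\bin\SQR\Remote\bin\atrls.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Usual meaning of the section codes seen in that log.
SECTIONS = {"R0": "IE start/search page", "R1": "IE page/search/settings value",
            "O2": "Browser Helper Object", "O4": "autostart entry", "O9": "IE extra button",
            "O10": "Winsock LSP", "O20": "AppInit_DLLs/Winlogon Notify", "O23": "service"}

# Markers chosen for this example (an assumption); a hit means "check by hand".
REVIEW_RULES = [
    ("file missing", re.compile(r"\(file missing\)")),
    ("unknown owner", re.compile(r" - Unknown owner - ")),
    ("unknown LSP file", re.compile(r"^Unknown file in Winsock LSP")),
    ("unresolved shortcut", re.compile(r"\.lnk = \?$")),
    ("loopback proxy", re.compile(r"ProxyServer = .*\b(127\.0\.0\.1|localhost)\b", re.I)),
]

def parse(log_text):
    """Group HijackThis entries by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def review_items(sections):
    """Return (code, reason, entry) for every entry that matches a review rule."""
    return [(code, reason, entry)
            for code, entries in sections.items()
            for entry in entries
            for reason, pattern in REVIEW_RULES
            if pattern.search(entry)]

if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for code, entries in parsed.items():
        print(f"{code:4} {SECTIONS.get(code, 'other'):30} {len(entries)}")
    for code, reason, entry in review_items(parsed):
        print(f"[{reason}] {code} - {entry}")
```
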


Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Cannot enable McAfee VirusScan for Windows (help instructions)
« Reply #8 on: 09. January 2010., 08:39:04 »
Ok Mike, this looks much better. ;)


McAfee still doesn't work, right?



If not, please follow next instructions:

1. Right click on the McAfee tray icon (near the clock), choose VirusScan Console, right click on On-Access Scanner and click on Enable.
If this doesn't work, give us details about what happened and whether you received any message.


2. If you fail with No. 1, try to completely remove/reinstall McAfee AV through Add/Remove Programs, restart your PC and install McAfee again.


3. If you fail with No. 2 also, run McAfee Virtual Technician and give us the information about the problem from it: http://mvt.mcafee.com/mvt/en-us/default.html?en-us


cya,

S.

mikewu

  • SCF Newbie
  • *
  • Posts: 8
  • KARMA: 1
Re: Mcafee disabled by "antivirus live"
« Reply #9 on: 09. January 2010., 15:09:01 »
On-Access Scanner is enabled.
The problem is the McAfee Security Scan still shows "Your computer is at risk, Anti-Virus Protection needs Attention and Firewall is Off".
"Fix Now" opens the browser to the McAfee purchasing site. Installed McAfee Virtual Technician, no error was found.

 
