SecurityTool Removal Instructions
Security Tool is another one of those malware programs that annoys millions of unsuspecting internet users, most of them on Windows XP computers. It digs itself in well and can be difficult to remove.
The best tool I have found for this type of malware is Malwarebytes Anti-Malware. There is another program on the market that will also help prevent these kinds of infections; to get that protection you need the professional version of this other program, which gives you decent protection against these kinds of attacks.
As with other programs similar to this one, you should avoid typing in your credit card information. If you submitted it before realizing that you were being scammed, I suggest you call your credit card company and have them cancel that card. The people behind this malware are criminals in every sense, and you can bet that your card will be milked for all it is worth.
The ComboFix log from an infected machine follows.
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.373 [GMT -5:00]
Running from: E:\ComboFix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\52399836
c:\documents and settings\All Users\Application Data\52399836\52399836.exe
c:\documents and settings\Jill\Desktop\Security Tool.lnk
c:\documents and settings\Jill\Start Menu\Programs\Security Tool.lnk
c:\program files\Common Files\download
c:\program files\Common Files\download\3DEmoticons.zip
c:\program files\Common Files\download\mc-67-525-0000166.exe
c:\program files\Common Files\windows
c:\program files\Common Files\windows\AutoIt3.exe
c:\program files\Common Files\windows\psapi.dll
c:\program files\Common Files\windows\request.html
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\_000024_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\_000026_.tmp.dll
.
((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))
.
2010-02-03 22:08 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100128.002\IDSXpx86.sys
2010-02-03 22:08 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100128.002\Scxpx86.dll
2010-02-03 22:08 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100128.002\IDSxpx86.dll
2010-02-03 22:08 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100128.002\IDSvix86.sys
2010-02-03 22:08 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100128.002\IDSviA64.sys
2010-02-03 22:01 . 2010-02-03 22:01 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100203.004\naveng.sys
2010-02-03 22:01 . 2010-02-03 22:01 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100203.004\eeCtrl.sys
2010-02-03 22:01 . 2010-02-03 22:01 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100203.004\navex15.sys
2010-02-03 22:01 . 2010-02-03 22:01 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100203.004\eraser.sys
2010-02-03 22:01 . 2010-02-03 22:01 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100203.004\navex32a.dll
2010-02-03 22:01 . 2010-02-03 22:01 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100203.004\ecmsvr32.dll
2010-02-03 22:01 . 2010-02-03 22:01 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100203.004\naveng32.dll
2010-02-03 22:01 . 2010-02-03 22:01 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100203.004\cceraser.dll
2010-02-03 21:56 . 2010-02-03 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\07609830
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 20:21 . 2008-08-29 02:23 -------- d-----w- c:\documents and settings\Jill\Application Data\EndNote
2010-01-13 23:03 . 2008-09-04 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-05 10:00 . 2004-08-04 11:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-03 03:27 . 2005-04-05 21:32 -------- d-----w- c:\program files\Java
2010-01-03 03:22 . 2009-07-21 20:08 -------- d-----w- c:\program files\Common Files\Motive
2009-12-31 22:16 . 2008-08-25 02:09 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-12-05 04:54 . 2009-12-05 04:54 529456 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100130.002\BHDrvx86.sys
2009-12-05 04:54 . 2009-12-05 04:54 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100130.002\BHRules.dll
2009-12-05 04:54 . 2009-12-05 04:54 1405840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100130.002\BHEngine.dll
2009-12-05 04:54 . 2009-12-05 04:54 668720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100130.002\BHDrvx64.sys
2009-12-05 04:54 . 2009-12-05 04:54 610704 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100130.002\bbRGen.dll
2009-11-25 18:35 . 2009-11-25 18:35 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-25 18:35 . 2009-11-25 18:35 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-21 15:51 . 2004-08-04 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 15:23 . 2009-11-25 15:16 3775256 ----a-w- c:\documents and settings\All Users\Application Data\Temp\AVG\setup.exe
2009-11-13 03:21 . 2005-04-09 19:05 76448 -c--a-w- c:\documents and settings\Jill\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ccWasher"="c:\program files\Cookie Washer\aolwasher.exe" [2001-08-16 2982400]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-26 49968]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-04-05 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-03 40960]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"washindex"="c:\program files\Cookie Washer\washidx.exe" [2001-07-24 72704]
c:\documents and settings\Jill\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0c\aoltray.exe [2006-3-19 156784]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0b\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0c\\waol.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\2\\LimeWire.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\NAV\1101000.013\SymDS.sys [11/25/2009 1:35 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NAV\1101000.013\SymEFA.sys [11/25/2009 1:35 PM 171056]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100130.002\BHDrvx86.sys [12/4/2009 11:54 PM 529456]
S1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NAV\1101000.013\cchpx86.sys [11/25/2009 1:35 PM 501888]
S1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\NAV\1101000.013\Ironx86.sys [11/25/2009 1:35 PM 114736]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe [11/25/2009 1:34 PM 126392]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/1/2007 8:37 PM 24652]
S2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSCv2\WLService.exe [7/2/2009 11:06 PM 65596]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/27/2009 6:05 PM 102448]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100128.002\IDSXpx86.sys [2/3/2010 5:08 PM 329592]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\SYSTEM32\dllhost.exe [8/4/2004 6:00 AM 5120]
S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\SYSTEM32\DRIVERS\WUSB54GSCV2.sys [7/2/2009 11:06 PM 198144]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoomail.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} - hxxp://www.gamehouse.com/games/PiratePoppers.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.gamehouse.com/games/bonnie/popcaploader.cab
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Verizon_McciTrayApp - c:\program files\Verizon\McciTrayApp.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 13:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.1.0.19\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(596)
c:\windows\System32\BCMLogon.dll