I have a PAK_Generic.001 virus along with many others that invaded my system


Post by afreshgeeksterwannabe on 9th June 2009, 7:14 am

Yesterday my daughter was not able to get her laptop to boot up. It would start to boot and then completely freeze. I attempted to load the OS in Safe Mode, but it would just stop and completely freeze up before getting through the start-up screen; it would crash. After 30 minutes or so and several crashes the PC did eventually boot and loaded XP, and once loaded, the Trend Micro OfficeScan antivirus reported that there was a PAK_GENERIC.001 in my Documents and Settings. It quarantined this virus 7 times. After that I ran Trend Micro's HijackThis and Malwarebytes' Anti-Malware. The MBAM program found like 26 infections during the full system scan. I have included those scan results with this post, as well as the original HijackThis log, run after the MBAM scan. I was not able to copy the antivirus log, but it read as follows: PAK_Generic.001(21 and there were of those & PAK_Generic.001(19 and there were 2 of them. Per your request I have included a current and recent scan log for HijackThis; it will be the final scan on this post. Thanks for any help you may be able to provide me.

Here is the current HijackThis scan log. It was just run. Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:22 AM, on 6/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DLService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\WINDOWS\TEMP\HDCB0A.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\DLTray.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.]
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.]
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.]
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = la.minebea.local
O17 - HKLM\Software\..\Telephony: DomainName = la.minebea.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = la.minebea.local,la.minebea.local
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DeviceLock Service (Device Lock) - DeviceLock, Inc. - C:\WINDOWS\System32\DLService.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
End of file - 5523 bytes

See next post for the previous scan with virus identifications.


Last edited by Doctor Inferno on 9th June 2009, 7:39 am; edited 1 time in total (Reason for editing : Caps removed off title.)


Re: I have a PAK_Generic.001 virus along with many others that invaded my system

Post by afreshgeeksterwannabe on 9th June 2009, 7:16 am

(1st scan done on the PC)

Malwarebytes' Anti-Malware 1.37
Database version: 2246
Windows 5.1.2600 Service Pack 3

6/7/2009 10:54:05 PM
mbam-log-2009-06-07 (22-53-58).txt

Scan type: Full Scan (C:\|D:\|E:\|U:\|)
Objects scanned: 175422
Time elapsed: 1 hour(s), 0 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{df058c45-cd18-453e-8745-5a77f60722ab} (Adware.Gdown) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b5a33c35-7298-4d15-8753-a2e851e2eab3} (Adware.Gdown) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f0d2b812-752d-4af1-a2fb-968c4d8446db} (Adware.Gdown) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> No action taken.
C:\WINDOWS\system32\lowsec (Stolen.Data) -> No action taken.

Files Infected:
c:\documents and settings\MJONES\local settings\Temp\CSM72.tmp (Adware.RelevantKnowledge) -> No action taken.
c:\documents and settings\MJONES\local settings\Temp\c.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP837\A0283403.exe (Trojan.Proxy) -> No action taken.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP838\A0284403.exe (Trojan.Proxy) -> No action taken.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP838\A0284405.exe (Trojan.Proxy) -> No action taken.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP838\A0284414.exe (Worm.Koobface) -> No action taken.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP838\A0284415.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP838\A0284421.exe (Trojan.Proxy) -> No action taken.
c:\WINDOWS\system32\GTDownDE_87.ocx (Adware.Gdown) -> No action taken.
c:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.Data) -> No action taken.
C:\WINDOWS\msmark2.dat (Worm.KoobFace) -> No action taken.
c:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> No action taken.
C:\WINDOWS\f23567.dat (Worm.KoobFace) -> No action taken.
c:\WINDOWS\ro122715.dat (Worm.KoobFace) -> No action taken.
c:\WINDOWS\ro122730.dat (Worm.KoobFace) -> No action taken.
c:\WINDOWS\ro122739.dat (Worm.KoobFace) -> No action taken.

See next post for the original HijackThis scan log done yesterday.


Re: I have a PAK_Generic.001 virus along with many others that invaded my system

Post by afreshgeeksterwannabe on 9th June 2009, 7:18 am

This is the original scan, done after the MBAM scan.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:56 PM, on 6/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DLService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DWRCS.EXE
c:\windows\system32\nslsvice.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\WINDOWS\TEMP\SH93.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\DLTray.EXE
C:\WINDOWS\system32\DWRCST.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;;;;;;;;;;;;;;;;;;;;;
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 alarm-security.microsoft.com
O1 - Hosts: 209.44.111.57 inetantivirus.com
O1 - Hosts: 209.44.111.57 [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [EPM Agent] c:\PROGRA~1\ipass\epm\rstate.exe /LOGON
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [1] \\sla518\EZ_GPO\EZ_GPO_Tool.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.dnb.com
O15 - Trusted Zone: *.fleet.com
O15 - Trusted Zone: *.honeywell.com
O15 - Trusted Zone: *.ibm.com
O15 - Trusted Zone: *.logitech.com
O15 - Trusted Zone: *.lotus.com
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.]
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.]
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.]
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = la.minebea.local
O17 - HKLM\Software\..\Telephony: DomainName = la.minebea.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = la.minebea.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = la.minebea.local,la.minebea.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = la.minebea.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = la.minebea.local,la.minebea.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = la.minebea.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = la.minebea.local,la.minebea.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = la.minebea.local,la.minebea.local
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DeviceLock Service (Device Lock) - DeviceLock, Inc. - C:\WINDOWS\System32\DLService.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - c:\windows\system32\nslsvice.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12969 bytes

Thanks so much. I sure hope there is something that can be done.

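A triage pass over the 7 June HijackThis log, as an added example that is not part of this thread and not code from HijackThis, Malwarebytes or Trend Micro. It parses the log layout (the "Running processes:" block, then the O/R entry lines) and flags the entry types that stand out in the logs above: a process running out of C:\WINDOWS\TEMP, O1 hosts lines that send a vendor or security name to a third-party address, a ProxyOverride that is nothing but separators, orphaned BHO registrations, and a Policies\Explorer\Run autostart. The rules and the severities are the editor's own heuristics, and the sample log embedded in the block is constructed from lines that appear in the posted logs; a flagged line is a prompt to check the file or key, not a verdict.

```python
"""Triage a HijackThis v2 log for the entry types seen in this thread.

Added example, not part of HijackThis/MBAM/Trend Micro. The rules and
severities are the editor's own heuristics; SAMPLE_LOG is constructed
from lines that appear in the posted logs so the script runs offline.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "verify"
    line: str
    reason: str


# An executable running out of %SystemRoot%\TEMP. Installers and updaters
# sometimes do this, so it is a "look at it" rule, not a verdict.
WINDOWS_TEMP_RE = re.compile(r"^[a-z]:\\windows\\temp\\", re.IGNORECASE)
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
PROXY_OVERRIDE_RE = re.compile(r"ProxyOverride = (.*)$")
# Names whose redirection rates "high": vendor update and security hosts.
SECURITY_NAME_RE = re.compile(r"(microsoft\.com$|antivirus|security|update)",
                              re.IGNORECASE)
LOOPBACK = {"127.0.0.1", "::1"}
ENTRY_RE = re.compile(r"^[ORF]\d+ - ")


def parse_sections(text):
    """Return (running processes, O/R/F entry lines) from a HijackThis log."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
        elif ENTRY_RE.match(line):
            entries.append(line)
    return processes, entries


def triage(log_text):
    """Return a list of Finding for every line the heuristics flag."""
    findings = []
    processes, entries = parse_sections(log_text)

    for proc in processes:
        if WINDOWS_TEMP_RE.match(proc):
            findings.append(Finding("medium", proc,
                "running from the Windows TEMP directory; compare the name "
                "across logs and check the file's publisher and hash"))

    for entry in entries:
        m = HOSTS_RE.match(entry)
        if m:
            ip, host = m.group(1), m.group(2)
            if ip in LOOPBACK:
                continue  # "::1 localhost" and friends are normal
            sev = "high" if SECURITY_NAME_RE.search(host) else "verify"
            findings.append(Finding(sev, entry,
                f"hosts file sends {host} to {ip}; redirecting a vendor or "
                "security name to a third-party address blocks updates and "
                "cleanup tools"))
            continue

        m = PROXY_OVERRIDE_RE.search(entry)
        if m:
            value = m.group(1).strip()
            if value and set(value) <= {";"}:
                findings.append(Finding("medium", entry,
                    "ProxyOverride holds only separators; something rewrote "
                    "the IE proxy settings"))
            continue

        if entry.startswith("O2 - BHO") and (
                "(file missing)" in entry or "(no file)" in entry):
            findings.append(Finding("verify", entry,
                "orphaned BHO registration: the DLL is gone but the CLSID "
                "is still registered; remove the entry"))
            continue

        if "Policies\\Explorer\\Run" in entry:
            findings.append(Finding("verify", entry,
                "Policies\\Explorer\\Run autostart; normal under a domain "
                "GPO but also a common persistence location, confirm the target"))

    return findings


# Constructed sample: a subset of lines from the 7 June log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:56 PM, on 6/7/2009
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\SH93.EXE
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;;;;;;;;;;;;;;;;;;;;;
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 alarm-security.microsoft.com
O1 - Hosts: 209.44.111.57 inetantivirus.com
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Policies\Explorer\Run: [1] \\sla518\EZ_GPO\EZ_GPO_Tool.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.line}\n    {f.reason}")
```

Run it against each of the three posted logs in turn: the 7 June log produces the hosts and ProxyOverride hits, while the two 9 June logs show only the TEMP process, whose name differs in every log (HDCB0A, SH93, AJ3FC7), which is exactly the kind of thing to check by hand rather than trust because a scanner stopped reporting it.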

Re: I have a PAK_Generic.001 virus along with many others that invaded my system

Post by Belahzur on 9th June 2009, 5:07 pm

I'm confused now. Which is the LATEST Hijack This log? Did you remove everything MBAM found?



Re: I have a PAK_Generic.001 virus along with many others that invaded my system

Post by afreshgeeksterwannabe on 9th June 2009, 8:43 pm

I am sorry about that. I have included only the most recent HijackThis log. It is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:19 PM, on 6/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DLService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\AJ3FC7.EXE
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\DLTray.EXE
C:\WINDOWS\system32\DWRCST.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Live Support Host] "c:\program files\ipass\epm\marchost.exe" -servicehelper
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.]
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.]
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.]
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = la.minebea.local
O17 - HKLM\Software\..\Telephony: DomainName = la.minebea.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = la.minebea.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = la.minebea.local,la.minebea.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = la.minebea.local,la.minebea.local
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DeviceLock Service (Device Lock) - DeviceLock, Inc. - C:\WINDOWS\System32\DLService.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

--
End of file - 7828 bytes


Re: I have a pak_generic.001 virus along with many other that invaded my system

Post by afreshgeeksterwannabe on 9th June 2009, 8:52 pm

I HAD INCLUDED THE OLDER 2 HIJACK THIS SCAN FILES SO THAT YOU COULD SEE JUST WHAT HAD INVADED MY SYSTEM.

AS FAR AS REMOVING THE INFECTIONS THAT MALWAREBYTES FOUND, IT STATED THAT THEY HAD BEEN QUARANTINED AND DELETED, BUT SOME OF THE TROJANS THAT IT FOUND WERE LATER BEING PICKED UP BY HIJACKTHIS... AND AGAIN BY MALWAREBYTES WHEN I RE-RAN A FULL SYSTEM SCAN FOR THE 2ND TIME... BUT I WILL LET YOU TELL ME WHAT IT IS THAT YOU NEED, AND WHAT I SHOULD DO... THANKS


AS FAR AS I KNOW MALWAREBYTES WAS ABLE TO REMOVE THEM... HOWEVER, WHEN I LOOKED IN THE QUARANTINE VAULT NOTHING WAS THERE...


Re: I have a pak_generic.001 virus along with many other that invaded my system

Post by Belahzur on 10th June 2009, 12:48 am

Hello.
Hijack This is only a scanner on the front end. The stuff it finds doesn't mean the infection files are actually there; Hijack This is only detecting leftover registry keys.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.]
    O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)


  • Press "Fix Checked"
  • Close Hijack This.

Next,

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.




Re: I have a pak_generic.001 virus along with many other that invaded my system

Post by afreshgeeksterwannabe on 10th June 2009, 4:23 am

Hey, thank you! Here is the log file.
DDS (Ver_09-05-14.01) - NTFSx86
Run by LA03386 at 21:15:25.98 on Tue 06/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2030.1390 [GMT -7:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {21C7968A-04B7-4E8B-89F5-51747D4FACA2}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\DLService.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\QBF921.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\DWRCST.exe
C:\WINDOWS\system32\DLTray.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\MJONES\Desktop\dds.pif

============== Pseudo HJT Report ===============

uDefault_Search_URL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [Live Support Host] "c:\program files\ipass\epm\marchost.exe" -servicehelper
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
Trusted Zone: aol.com\free
Trusted Zone: google.com
Trusted Zone: microsoft.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mjones\applic~1\mozilla\firefox\profiles\0qajyjpz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R2 Device Lock;DeviceLock Service;c:\windows\system32\DLService.exe [2008-4-18 3106376]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2008-8-16 205328]
R2 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2007-11-30 939344]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2008-8-16 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-11-30 315408]
S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.sys [2005-6-2 22144]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-6-8 33176]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2007-1-24 91797]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2007-11-30 558416]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-2-5 280344]

=============== Created Last 30 ================

2009-06-09 21:14 <DIR> --d-h--- c:\windows\PIF
2009-06-09 20:51 390,728 a------- c:\windows\system32\DLTray.EXE
2009-06-09 18:55 135,168 a------- C:\zip.exe
2009-06-09 18:55 574 a------- C:\cleanup.bat
2009-06-09 13:19 <DIR> --d----- C:\ComboFix
2009-06-09 13:19 389,120 a------- c:\windows\system32\CF22640.exe
2009-06-09 13:18 389,120 a------- c:\windows\system32\cmd.execf
2009-06-09 12:12 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-06-09 02:29 <DIR> --d----- C:\Rooter$
2009-06-09 01:40 <DIR> a-dshr-- C:\cmdcons
2009-06-09 01:38 161,792 a------- c:\windows\SWREG.exe
2009-06-09 01:38 155,136 a------- c:\windows\PEV.exe
2009-06-09 01:38 98,816 a------- c:\windows\sed.exe
2009-06-08 22:50 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-06-08 22:16 <DIR> --d----- c:\program files\JavaRa
2009-06-08 22:14 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-08 22:14 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-08 20:37 <DIR> --d----- c:\program files\CCleaner
2009-06-08 20:33 <DIR> --d----- c:\program files\avenger
2009-06-07 23:41 <DIR> --d----- c:\program files\VS Revo Group
2009-06-07 21:49 <DIR> --d----- c:\docume~1\mjones\applic~1\Malwarebytes
2009-06-07 21:49 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-07 21:49 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-07 21:49 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-07 21:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-07 21:41 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-01 20:23 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-06-01 20:23 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-06-01 20:22 490,008 a------- c:\windows\system32\LVUI2.dll
2009-06-01 20:22 195,096 a------- c:\windows\system32\lvci11721059.dll
2009-06-01 20:22 68,960 a------- c:\windows\system32\lvcoinst.ini
2009-06-01 20:22 4,658,456 a------- c:\windows\system32\drivers\lvuvc.sys
2009-06-01 20:22 465,432 a------- c:\windows\system32\LVUI2RC.dll
2009-06-01 20:22 416,280 a------- c:\windows\system32\lvcodec2.dll
2009-06-01 20:22 41,752 a------- c:\windows\system32\drivers\LVUSBSta.sys
2009-06-01 20:22 628,760 a------- c:\windows\system32\drivers\lvrs.sys
2009-06-01 20:22 25,974 a------- c:\windows\system32\Repository.reg
2009-06-01 20:22 23,832 a------- c:\windows\system32\drivers\lvuvcflt.sys
2009-06-01 20:16 <DIR> --d----- c:\docume~1\mjones\applic~1\DriverCure
2009-06-01 20:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-06-01 20:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverCure
2009-06-01 20:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-06-01 19:58 20,992 a------- c:\windows\system32\dshowext.ax
2009-06-01 19:58 20,992 a------- c:\windows\system32\dllcache\dshowext.ax
2009-05-24 22:33 <DIR> --dsh--- c:\documents and settings\mjones\PrivacIE
2009-05-24 22:33 <DIR> --dsh--- c:\documents and settings\mjones\IECompatCache
2009-05-24 17:57 <DIR> --dsh--- c:\documents and settings\mjones\IETldCache
2009-05-24 17:36 <DIR> --d----- C:\7da3f945d3fb2b556ccc55c190a8
2009-05-24 17:35 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-24 17:27 <DIR> -cd-h--- c:\windows\ie8
2009-05-24 17:05 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-24 17:00 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-05-24 17:00 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-05-24 17:00 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-24 16:58 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-24 16:58 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-05-24 16:49 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-05-19 16:24 <DIR> --d----- c:\documents and settings\mjones\Tracing
2009-05-19 16:23 <DIR> --d----- c:\program files\Microsoft
2009-05-19 16:23 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-05-19 16:16 <DIR> --d----- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-06-09 20:51 11,336 a------- c:\windows\system32\DLServiceMsg.dll
2009-06-09 20:51 714,312 a------- c:\windows\system32\DLGPC.DLL
2009-05-31 21:35 87,916 a---h--- c:\windows\system32\mlfcache.dat
2009-03-21 07:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2008-12-02 09:54 60,744 a------- c:\documents and settings\mjones\g2mdlhlpx.exe
2007-10-22 13:55 105,560 a------- c:\docume~1\mjones\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 21:15:38.03 ===============


Re: I have a pak_generic.001 virus along with many other that invaded my system

Post by Belahzur on 10th June 2009, 2:19 pm

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy".
  2. Click the Apply button and restart the computer in normal mode.

How is the machine running now?

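The two helper replies above work from the same evidence: the O15 Trusted Zone entries in the HijackThis log and the `network.proxy.*` lines in the DDS Firefox section. As an added example (not code from the thread, DDS or HijackThis), the script below parses a constructed DDS-style log, flags a Firefox proxy pointed at the loopback address or any proxy mode other than "no proxy"/"system settings", and lists Trusted Zone additions for review; the line formats are assumed from the log quoted in the thread.

```python
"""Triage a DDS-style log for the browser proxy settings and Trusted Zone
entries a malware-removal helper would ask about (added example)."""
import re

# Constructed sample modelled on the DDS output quoted in the thread.
SAMPLE_LOG = """\
============== Pseudo HJT Report ===============
Trusted Zone: aol.com\\free
Trusted Zone: google.com
================= FIREFOX ===================
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
"""

FF_PREF = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
TRUSTED = re.compile(r"^Trusted Zone: (.+)$")

# Firefox network.proxy.type values: 0 none, 1 manual, 2 PAC, 4 auto-detect, 5 system.
PROXY_TYPE = {"0": "no proxy", "1": "manual", "2": "PAC script",
              "4": "auto-detect", "5": "system settings"}


def parse_dds(text):
    """Return (dict of Firefox prefs, list of Trusted Zone sites)."""
    prefs, trusted = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := FF_PREF.match(line):
            prefs[m.group(1)] = m.group(2)
        elif m := TRUSTED.match(line):
            trusted.append(m.group(1))
    return prefs, trusted


def proxy_findings(prefs):
    """Describe proxy prefs worth removing: an HTTP proxy on the loopback
    address, or a proxy mode other than 'no proxy' / 'system settings'."""
    findings = []
    host = prefs.get("network.proxy.http")
    port = prefs.get("network.proxy.http_port", "?")
    ptype = prefs.get("network.proxy.type", "0")
    if host in ("localhost", "127.0.0.1"):
        findings.append(f"loopback HTTP proxy {host}:{port}")
    if ptype not in ("0", "5"):
        findings.append(f"proxy mode {PROXY_TYPE.get(ptype, ptype)} (type {ptype})")
    return findings


def triage(text):
    """Combine the proxy findings with the Trusted Zone sites for review."""
    prefs, trusted = parse_dds(text)
    return {"proxy": proxy_findings(prefs), "trusted_zone": trusted}


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key, "->", items or "nothing flagged")
```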



Re: I have a pak_generic.001 virus along with many other that invaded my system

Post by afreshgeeksterwannabe on 10th June 2009, 6:09 pm

It is running really well again! Thank you so much for your time and help, I really appreciate it. Is there any maintenance I should do now? Thanks again, Geek Police rules!!!
