System Security

View previous topic View next topic Go down

System Security

Post by JohnS on Sat Jun 13, 2009 6:53 pm

I am usually decent at taking out malware but recently I got infected and as I crush one thing another pops up. This thing, System Security, is the worst I've ever had.

I've read other threads and, much like everyone else here, I can't run ANY .exe files. That is not hyperbole; internet explorer is the only thing I can run.

I went through dalton's thread on this and a tech guy posted a direct link to the icesword.exe file on rapidshare. When I click run, it does nothing.

I have no clue how to beat this. Thank you for any help.

Edit: I also cannot enter safe mode. I think I'm SoL Sad tearing

JohnS
Novice
Novice

Posts Posts : 14
Joined Joined : 2009-06-13
OS OS : Windows XP sp2
Points Points : 27346
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security

Post by Belahzur on Sat Jun 13, 2009 7:02 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System Security

Post by JohnS on Sat Jun 13, 2009 7:04 pm

System Security stopped it cold; A little bubble appears by the infernal icon in my tray that says dds.scr is infected. I try to open it from desktop and it instantly is closed and the warning from system security is repeated.

btw, thx for any help.

JohnS
Novice
Novice

Posts Posts : 14
Joined Joined : 2009-06-13
OS OS : Windows XP sp2
Points Points : 27346
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security

Post by Origin on Sat Jun 13, 2009 7:35 pm

Please download Ice Sword from [You must be registered and logged in to see this link.]

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. IceSword.exe will randomly rename itself when opened, so let me know if it is able to bypass the malware and stays open.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31483
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security

Post by JohnS on Sat Jun 13, 2009 7:44 pm

Yeehaw, it worked. I was reading other threads on this and I've already deleted the two random registry entries. I've restarted and no system security! I can run things! I've downloaded HiJack this, combofix, malware bytes, dds.scr, and adaware.

I await your command,
Let's rock and roll. Smile

JohnS
Novice
Novice

Posts Posts : 14
Joined Joined : 2009-06-13
OS OS : Windows XP sp2
Points Points : 27346
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security

Post by Belahzur on Sat Jun 13, 2009 7:47 pm

Please run Hijack This and post a log.

DO NOT use Combofix on your own, it's far too powerful if you don't know what your doing.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System Security

Post by JohnS on Sat Jun 13, 2009 7:54 pm

Yah you're right about combofix. I used it in the past and I think it knocked out the ability of my comptuer to display css. Ah well, formatting is overrated Goofy

Incoming log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:35 PM, on 6/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime Alternative\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\FlashMute\FlashMute.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\DNA\btdna.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll (file missing)
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [FlashMute] C:\Program Files\FlashMute\FlashMute.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O8 - Extra context menu item: &Yahoo! Search - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\John\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12085 bytes

JohnS
Novice
Novice

Posts Posts : 14
Joined Joined : 2009-06-13
OS OS : Windows XP sp2
Points Points : 27346
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security

Post by Belahzur on Sat Jun 13, 2009 7:56 pm

Hello.
A few things need to be uninstalled first.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System Security

Post by JohnS on Sat Jun 13, 2009 8:04 pm

Below is the uninstall list. I should also mention that previously (before reading Origin's post in this thread) I opened up ad-remove programs and deleted system security and also ran malaware bytes / restarted. I say this in case you're looking to delete something that might have already been deleted. Again, thx to everyone.


Log file:

3114 SATARAID5
Ad-Aware
Ad-Aware
Ad-Aware SE Personal
Adobe Acrobat 7.0 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
AIM 6
AOL Uninstaller (Choose which Products to Remove)
BitLord 1.1
CadStd
ccCommon
CCleaner (remove only)
Celestia 1.5.1
Civilization III
CloneDVD 3.5
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Curse Client
DawnOfWar
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Don't Touch My Computer 2 Screen Saver
DOW RDN Tools 1.41
DVD Decrypter 3.5.4.0
DVD Shrink 3.2
Fable - The Lost Chapters
FileZilla Client 3.2.1
FLV Player 1.3.3
Free Ram Optimizer XP 1.0
Google Earth
Grand Theft Auto Vice City
GTA San Andreas
HijackThis 2.0.2
hp deskjet 3500 series
HTML-Kit
Internet Worm Protection
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_04
Java(TM) SE Runtime Environment 6 Update 1
LimeWire 5.1.2
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Logitech Print Service
Logitech QuickCam
Logitech® Camera Driver
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Max Payne 2
Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Microsoft Office Professional Edition 2003
Morpheus 5.2 (remove only)
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero 6 Demo
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
NVIDIA Drivers
NvMixer
QuickTime
QuickTime Alternative 1.67
RAR Password Cracker 4.12
RealPlayer
Rhapsody Player Engine
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Sid Meier's Civilization 4
Sid Meier's Civilization 4 Gold
Skype™ 3.2
SPBBC
Spyware Doctor 6.0
Steam
Symantec
Symantec Script Blocking Installer
SymNet
System Requirements Lab
TBS WMP Plug-in
TeamSpeak 2 RC2
TorrentMan Toolbar
Tweak UI
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VNC Free Edition 4.1.3
WinBoard
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
World of Warcraft
Xfire (remove only)
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

JohnS
Novice
Novice

Posts Posts : 14
Joined Joined : 2009-06-13
OS OS : Windows XP sp2
Points Points : 27346
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security

Post by Belahzur on Sat Jun 13, 2009 8:10 pm

Hello.

I see that you are running BitLord.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If BitLord is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    BitLord 1.1
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_04
    Java(TM) SE Runtime Environment 6 Update 1
    LimeWire 5.1.2
    TorrentMan Toolbar

Since MBAM is already on the system, please open it.
Then go into the update tab and update it's database, then run a new scan for me.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System Security

Post by JohnS on Sat Jun 13, 2009 8:24 pm

All files deleted (including precious limewire Sad tearing )
I've completed the update (from version 2250 to 2273) and run a quick scan.

Here is logfile:
Malwarebytes' Anti-Malware 1.37
Database version: 2273
Windows 5.1.2600 Service Pack 2

6/13/2009 3:22:48 PM
mbam-log-2009-06-13 (15-22-46).txt

Scan type: Quick Scan
Objects scanned: 83231
Time elapsed: 2 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\RECYCLER\s-1-5-21-1993962763-1682526488-725345543-1003\Dc1\PAVRM.exe (Rogue.AdvancedVirusRemover) -> No action taken.
C:\WINDOWS\system32\SKYNETlog.dat (Trojan.Agent) -> No action taken.




Also: Are all p2p / torrent programs considered dangerous by you or just bitlord / limewire? p2p and torrents are half the fun of cable internet, I'd hate to forgo them permanently.

JohnS
Novice
Novice

Posts Posts : 14
Joined Joined : 2009-06-13
OS OS : Windows XP sp2
Points Points : 27346
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security

Post by Belahzur on Sat Jun 13, 2009 8:29 pm

ALL P2P programs are unsafe, you have no idea what your downloading is infected or not.
Torrents are the same, there is also law enforcements sat on some popular torrents, so they can catch people out and prosecute you.

You really need to be careful.

The log says no action taken, did you remove the two items?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System Security

Post by JohnS on Sat Jun 13, 2009 8:37 pm

Who said I used them illegally? Smile

I've removed those two files now. It tells me I need to restart. Restarting now / log below.

Malwarebytes' Anti-Malware 1.37
Database version: 2273
Windows 5.1.2600 Service Pack 2

6/13/2009 3:22:48 PM
mbam-log-2009-06-13 (15-22-46).txt

Scan type: Quick Scan
Objects scanned: 83231
Time elapsed: 2 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\RECYCLER\s-1-5-21-1993962763-1682526488-725345543-1003\Dc1\PAVRM.exe (Rogue.AdvancedVirusRemover) -> No action taken.
C:\WINDOWS\system32\SKYNETlog.dat (Trojan.Agent) -> No action taken.


edit: I'm back from the restart and I've run another quick scan. The skynet thing is still on there :\. Should I try the remove / restart option again?

JohnS
Novice
Novice

Posts Posts : 14
Joined Joined : 2009-06-13
OS OS : Windows XP sp2
Points Points : 27346
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security

Post by Origin on Sat Jun 13, 2009 8:47 pm

It still says no action taken, did you check "Remove Selected"?


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31483
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security

Post by JohnS on Sat Jun 13, 2009 8:50 pm

I thought I did; it also prompted a restart. The C:\recycler thing is now gone, but the skynetlog.dat was persistent through restart. I'll try again to remove / restart the skynet thing.

JohnS
Novice
Novice

Posts Posts : 14
Joined Joined : 2009-06-13
OS OS : Windows XP sp2
Points Points : 27346
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security

Post by JohnS on Sat Jun 13, 2009 9:04 pm

Tried the remove / restart thing again; skynetlog.dat just won't go down. Here is log:

Malwarebytes' Anti-Malware 1.37
Database version: 2273
Windows 5.1.2600 Service Pack 2

6/13/2009 4:03:56 PM
mbam-log-2009-06-13 (16-03-56).txt

Scan type: Quick Scan
Objects scanned: 83627
Time elapsed: 2 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\SKYNETlog.dat (Trojan.Agent) -> Delete on reboot.

JohnS
Novice
Novice

Posts Posts : 14
Joined Joined : 2009-06-13
OS OS : Windows XP sp2
Points Points : 27346
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security

Post by Origin on Sat Jun 13, 2009 9:17 pm


1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV. (Mcafee)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31483
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security

Post by JohnS on Sun Jun 14, 2009 10:16 am

Thx for all help everyone. Here is the combofix log. I believe I'm out of / nearly out of the woods. I'm going to split this in half as the forum states this post is too big.

ComboFix 09-06-13.03 - John 06/13/2009 17:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.493 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\19284844
c:\documents and settings\All Users\Application Data\99294836
c:\windows\system32\drivers\SKYNETqrxnlnsv.sys
c:\windows\system32\drivers\UACnojsmelpnhsipaq.sys
c:\windows\system32\UACdpxormsvuxhrnnc.db
c:\windows\system32\UACtoqooboxnlirtlx.dat
c:\windows\system32\UACxvikytitevnftor.dll
c:\documents and settings\All Users\Application Data\19284844\19284844.exe
c:\documents and settings\All Users\Application Data\19284844\19284844.glu
c:\documents and settings\All Users\Application Data\19284844\pc19284844cnf
c:\documents and settings\All Users\Application Data\19284844\pc19284844ins
c:\documents and settings\All Users\Application Data\99294836\99294836.exe
c:\windows\system32\config\systemprofile\Desktop\Advanced Virus Remover.lnk
c:\windows\system32\drivers\jloevqfe.sys
c:\windows\system32\drivers\SKYNETqrxnlnsv.sys
c:\windows\system32\drivers\UACnojsmelpnhsipaq.sys
c:\windows\system32\kungsfypdwyktu.dat
c:\windows\system32\UACxvikytitevnftor.dll
c:\windows\system32\uniq.tll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETiqombcim
-------\Service_UACd.sys
-------\Service_kungsfhklvisrq


((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 22:57 . 2009-06-13 22:57 -------- d-----w- c:\windows\LastGood
2009-06-13 19:41 . 2009-06-13 19:41 -------- d-----w- c:\program files\Trend Micro
2009-06-09 15:49 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-09 15:49 . 2009-04-03 16:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-09 15:49 . 2008-12-18 17:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-09 15:49 . 2009-06-12 06:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-09 15:49 . 2009-06-09 15:49 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-09 15:49 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-09 15:48 . 2009-06-11 19:25 -------- d-----w- c:\program files\Spyware Doctor
2009-06-09 15:48 . 2009-06-09 15:48 -------- d-----w- c:\documents and settings\John\Application Data\PC Tools
2009-06-09 15:48 . 2009-06-09 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-02 16:59 . 2009-06-02 16:59 390664 ----a-w- c:\documents and settings\John\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-06-02 06:08 . 2009-06-02 06:08 -------- d-----w- c:\program files\CCleaner
2009-06-02 05:00 . 2009-06-02 04:37 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-02 04:34 . 2009-06-02 04:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-02 04:34 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-02 04:34 . 2009-06-02 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-26 19:14 . 2009-05-26 19:14 -------- d-----w- c:\program files\Celestia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 22:58 . 2006-01-10 18:47 -------- d-----w- c:\program files\Microsoft AntiSpyware
2009-06-13 22:58 . 2008-03-12 21:49 -------- d-----w- c:\program files\DNA
2009-06-13 22:58 . 2008-03-12 21:49 -------- d-----w- c:\documents and settings\John\Application Data\DNA
2009-06-13 20:15 . 2006-01-08 23:43 -------- d-----w- c:\program files\Java
2009-06-13 20:13 . 2007-03-08 02:52 -------- d-----w- c:\program files\BitLord
2009-06-13 18:26 . 2009-03-14 23:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-11 19:43 . 2006-01-09 00:14 -------- d-----w- c:\program files\World of Warcraft
2009-06-11 19:09 . 2006-01-10 18:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-09 00:54 . 2006-02-06 07:52 -------- d-----w- c:\program files\Viewpoint
2009-06-09 00:54 . 2006-02-06 07:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-05 19:40 . 2006-02-23 21:18 -------- d-----w- c:\program files\Morpheus
2009-06-02 04:34 . 2006-02-06 04:37 -------- d-----w- c:\program files\Lavasoft
2009-05-26 18:57 . 2007-10-15 02:26 -------- d-----w- c:\documents and settings\John\Application Data\BitTorrent
2009-05-26 18:20 . 2009-03-14 23:13 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 18:19 . 2009-03-14 23:13 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-29 10:45 . 2009-02-20 00:27 -------- d-----w- c:\program files\Curse
2009-04-29 04:17 . 2009-04-29 01:49 -------- d-----w- c:\documents and settings\John\Application Data\IMVU
2009-04-29 01:49 . 2009-04-29 01:49 80967 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\Uninstall.exe
2009-04-29 01:49 . 2009-04-29 01:49 -------- d-----w- c:\documents and settings\John\Application Data\IMVUClient
2009-04-26 21:14 . 2009-04-26 21:14 -------- d-----w- c:\program files\Ventrilo
2009-04-26 21:13 . 2009-04-26 21:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-24 00:48 . 2009-04-24 00:48 95584 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\IMVUupdater.exe
2009-04-24 00:48 . 2009-04-24 00:48 49920 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\IMVUClient.exe
2009-04-24 00:48 . 2009-04-24 00:48 19200 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\imvuqualityagent.exe
2009-04-23 22:52 . 2009-04-23 22:52 38400 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\MemoryHook.dll
2009-04-23 22:52 . 2009-04-23 22:52 288768 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\cal3d.dll
2009-04-23 22:52 . 2009-04-23 22:52 185856 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\boost_python.dll
2009-04-23 22:52 . 2009-04-23 22:52 256000 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\audiere.dll
2009-04-23 22:51 . 2009-04-23 22:51 28672 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\CallStack.dll
2009-04-22 17:28 . 2009-04-22 17:28 9433600 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\xul.dll
2009-04-06 16:04 . 2009-04-06 16:04 271929 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\pixomatic.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FlashMute"="c:\program files\FlashMute\FlashMute.exe" [2006-03-11 221184]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2007-08-20 40960]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-26 342848]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-12-01 4662776]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-06-09 1934336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-08-18 113152]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 473928]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-27 59040]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-01-10 100056]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-02-25 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-02-25 454656]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-02-25 212992]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-21 185896]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2006-01-19 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-02 518488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"SAVScan"=3 (0x3)
"ose"=3 (0x3)
"ccSetMgr"=2 (0x2)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

JohnS
Novice
Novice

Posts Posts : 14
Joined Joined : 2009-06-13
OS OS : Windows XP sp2
Points Points : 27346
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security

Post by JohnS on Sun Jun 14, 2009 10:16 am

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.9.0-enUS-downloader.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1139212341\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1139212341\\ee\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Morpheus\\Morpheus.exe"=
"c:\\Program Files\\Steam\\SteamApps\\brynnis\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 nenum13E;nenum13E;c:\docume~1\John\LOCALS~1\Temp\nenum13E.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-06-02 64160]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-03 130936]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-02 1005904]

.
Contents of the 'Scheduled Tasks' folder

2009-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 04:37]

2009-06-06 c:\windows\Tasks\Norton AntiVirus - Scan my computer - John.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-08-18 18:54]
.
- - - - ORPHANS REMOVED - - - -

BHO-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)


.
------- Supplementary Scan -------
.
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsrch.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\John\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-13 17:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1993962763-1682526488-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:44,5b,ab,c7,bb,15,b2,b9,f7,b3,b8,cf,a0,f8,3c,08,cf,5d,c7,4e,4b,a9,25,
9b,7a,39,ac,5b,31,74,8b,14,b1,4c,62,dc,7c,92,8e,15,c5,00,35,5b,37,0d,cf,60,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1492)
c:\program files\FlashMute\mutelib.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\Microsoft AntiSpyware\gcasDtServ.exe
.
**************************************************************************
.
Completion time: 2009-06-13 21:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-14 02:32

Pre-Run: 49,639,190,528 bytes free
Post-Run: 49,315,258,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

260 --- E O F --- 2008-04-09 23:38

JohnS
Novice
Novice

Posts Posts : 14
Joined Joined : 2009-06-13
OS OS : Windows XP sp2
Points Points : 27346
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security

Post by Belahzur on Sun Jun 14, 2009 2:23 pm

Hello.
Need an uninstall list.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System Security

Post by JohnS on Tue Jun 16, 2009 12:13 am

Sorry for the long delays between posts; again thx for help. Uninstall list posted below:

3114 SATARAID5
Ad-Aware
Ad-Aware
Ad-Aware SE Personal
Adobe Acrobat 7.0 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
AIM 6
AOL Uninstaller (Choose which Products to Remove)
CadStd
ccCommon
CCleaner (remove only)
Celestia 1.5.1
Civilization III
CloneDVD 3.5
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Curse Client
DawnOfWar
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Don't Touch My Computer 2 Screen Saver
DOW RDN Tools 1.41
DVD Decrypter 3.5.4.0
DVD Shrink 3.2
Fable - The Lost Chapters
FileZilla Client 3.2.1
FLV Player 1.3.3
Free Ram Optimizer XP 1.0
Google Earth
Grand Theft Auto Vice City
GTA San Andreas
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
hp deskjet 3500 series
HTML-Kit
Internet Worm Protection
IrfanView (remove only)
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Logitech Print Service
Logitech QuickCam
Logitech® Camera Driver
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Max Payne 2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft AntiSpyware
Microsoft Office Professional Edition 2003
Morpheus 5.2 (remove only)
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 6 Demo
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
NVIDIA Drivers
NvMixer
QuickTime
QuickTime Alternative 1.67
RAR Password Cracker 4.12
RealPlayer
Rhapsody Player Engine
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Sid Meier's Civilization 4
Sid Meier's Civilization 4 Gold
Skype™ 3.2
SPBBC
Spyware Doctor 6.0
Steam
Symantec
Symantec Script Blocking Installer
SymNet
System Requirements Lab
TBS WMP Plug-in
TeamSpeak 2 RC2
Tweak UI
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VNC Free Edition 4.1.3
WinBoard
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
World of Warcraft
Xfire (remove only)
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

JohnS
Novice
Novice

Posts Posts : 14
Joined Joined : 2009-06-13
OS OS : Windows XP sp2
Points Points : 27346
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security

Post by Belahzur on Tue Jun 16, 2009 12:22 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Morpheus 5.2 (remove only)
    Viewpoint Media Player

Now open a new notepad file.
Input this into the notepad file:

Driver::
nenum13E

Folder::
c:\program files\DNA
c:\documents and settings\John\Application Data\DNA
c:\program files\BitLord
c:\program files\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint
c:\program files\Morpheus
c:\documents and settings\John\Application Data\BitTorrent
c:\Program Files\BitTorrent_DNA
c:\Program Files\BitTorrent

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Morpheus\\Morpheus.exe"=-
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=-
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System Security

Post by JohnS on Tue Jun 16, 2009 12:47 am

Um...My computer seems to be working fine now, and most of those programs you have referenced haven't been used in about 3-4 months. I'm very appreciative of help but if the deal is for your help I have to dismantle my ability to download songs and movies, I'm not sure that is a tradeoff I'm willing to make. As ungrateful as it may be to question your motives, I feel I have to ask before unflinchingly deleting everything :\ If your interests are thoroughness to that degree, then that means I would have to delete every file ever downloaded on p2p...and that ain't happenin'.

note: I did delete viewpoint and its application data.

JohnS
Novice
Novice

Posts Posts : 14
Joined Joined : 2009-06-13
OS OS : Windows XP sp2
Points Points : 27346
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security

Post by Belahzur on Tue Jun 16, 2009 1:05 am

Okay, I'll let you keep them, just be careful. Don't need to run the CFScript as along as Viewpoint is gone.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System Security

Post by JohnS on Tue Jun 16, 2009 1:18 am

Thank you very much for all the help and patience. I sent you guys a little cash, its not a lot but I hope it helps.

I hope anyone who is reading this who can spare a couple bucks donates. Everything the crew here did in response to my situation was done spot on including their expertise, quick responses, and overall customer service.

Thanks again,

JohnS

JohnS
Novice
Novice

Posts Posts : 14
Joined Joined : 2009-06-13
OS OS : Windows XP sp2
Points Points : 27346
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security

Post by Origin on Tue Jun 16, 2009 2:20 am

Glad we could help Wink



Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31483
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum